OTPulse
FeedAboutContact

EZAutomation EZ Touch Editor

Plan Patch7.8ICS-CERT ICSA-19-246-01Sep 3, 2019
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

EZ Touch Editor versions 2.1.0 and earlier contain a stack-based buffer overflow vulnerability (CWE-121) in project file handling. Successful exploitation allows an attacker to execute arbitrary code under the privileges of the EZ Touch Editor application when a malicious project file is opened. The vulnerability is not remotely exploitable and requires user interaction. No known public exploits currently target this flaw.

What this means
What could happen
An attacker with local access to a machine running EZ Touch Editor could execute arbitrary code with the application's privileges, potentially compromising engineering workstations and the integrity of automation projects being developed or modified.
Who's at risk
Engineering and automation teams using EZ Touch Editor on workstations should care. This affects anyone maintaining PLC programs, HMI interfaces, or automation logic using EZAutomation products. Risk is highest for organizations where engineering files are shared via email or collaborative platforms without strict source validation.
How it could be exploited
An attacker would need to trick a user into opening a malicious project file (.zpa or similar) in EZ Touch Editor on a local machine. The vulnerability lies in how the application processes project files, allowing code execution under the application's privilege level. This typically occurs through social engineering or phishing emails containing the malicious file.
Prerequisites
  • Local or physical access to a machine running EZ Touch Editor version 2.1.0 or earlier
  • User must open a malicious project file in the EZ Touch Editor
  • No authentication required—vulnerability is in file handling
Local execution required (not remotely exploitable)Low complexity attack vectorNo authentication requiredSocial engineering dependency
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
EZ Touch Editor:≤ 2.1.02.2.0
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDOnly open project files from trusted and verified sources; avoid opening unsolicited project files from email or untrusted channels
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EZ Touch Editor to version 2.2.0 or later
Long-term hardening
0/1
HARDENINGImplement email filtering and user awareness training to reduce the likelihood of users opening malicious attachments
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/a1a3b5bd-880b-4630-93dd-fb0edc121ad3