OTPulse

EZAutomation EZ PLC Editor

Plan Patch | 7.8 | ICS-CERT ICSA-19-246-02 | Sep 3, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

EZ PLC Editor versions 1.8.41 and earlier contain a buffer overflow vulnerability (CWE-119) that allows code execution under the privileges of the application. Successful exploitation requires a user to open a malicious project file. The vulnerability is not remotely exploitable and has no known public exploits.

What this means
What could happen
An attacker could execute arbitrary code on the engineering workstation running EZ PLC Editor, potentially modifying PLC programs before they are deployed to control devices. This could result in unauthorized changes to industrial processes.
Who's at risk
Manufacturing facilities that use EZ PLC Editor (version 1.8.41 or earlier) on engineering workstations. This affects anyone responsible for developing or modifying PLC programs for EZAutomation controllers in industrial settings.
How it could be exploited
An attacker would need to trick a user into opening a malicious EZ PLC Editor project file from an untrusted source. The local file processing vulnerability in versions 1.8.41 and earlier would then allow code execution with the privileges of the user running the application.
Prerequisites
  • User must be running EZ PLC Editor version 1.8.41 or earlier
  • User must open a crafted malicious project file from an untrusted source
  • Local access to the engineering workstation (no remote exploitation)
  • Local code execution possible
  • Affects engineering/development systems that can program live equipment
  • No authentication required to exploit if file is opened
  • Low complexity attack requiring social engineering
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
EZ PLC Editor | ≤ 1.8.41 | 1.9.0
Remediation & Mitigation
Do now
WORKAROUND: Only load EZ PLC Editor project files from known, trusted sources
HARDENING: Educate users on risks of opening unsolicited attachments and files from unknown sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EZ PLC Editor to version 1.9.0 or later