WECON LeviStudioU (Update C)
Monitor | 7.8 | ICS-CERT ICSA-20-238-03 | Aug 25, 2020
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
WECON LeviStudioU versions up to Build 2019-09-21 contain stack-based buffer overflow (CWE-121, CWE-122) and XML external entity (XXE) injection (CWE-611) vulnerabilities. Successful exploitation allows an attacker to execute code under the application's privileges and obtain sensitive information. The vulnerabilities are triggered when a user opens a malicious project file in LeviStudioU.
What this means
What could happen
An attacker could execute arbitrary code on the engineering workstation running LeviStudioU by tricking a user into opening a malicious project file, potentially compromising PLC configuration files, stealing credentials, or modifying industrial process logic before deployment to control systems.
Who's at risk
Engineering teams and automation integrators using WECON LeviStudioU for PLC/HMI programming on Windows workstations. This affects any industrial facility (manufacturing, water/wastewater, utilities) that uses WECON controllers and relies on LeviStudioU for device configuration and program deployment.
How it could be exploited
An attacker creates a malicious LeviStudioU project file (containing crafted buffer overflow or XXE payload) and distributes it via email or file sharing. A user opens the file in LeviStudioU, triggering the vulnerability and allowing code execution under the application's privileges on the engineering workstation.
Prerequisites
- User must open a malicious LeviStudioU project file
- Vulnerable version of LeviStudioU (Build 2019-09-21 or earlier) must be installed on the target workstation
- No special network access required
- No patch available
- Local code execution via file handling
- Affects engineering workstations with access to control system devices
- Social engineering attack vector
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
LeviStudioU: Release Build 2019-09-21 and prior | ≤ Build 2019-09-21 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Do not open or import LeviStudioU project files from untrusted sources or unsolicited emails
HARDENING: Train users to recognize social engineering tactics targeting project file delivery (phishing, spear phishing, file-sharing links)
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Monitor for updates from WECON; upgrade to a patched version of LeviStudioU when available
Mitigations - no patch available
LeviStudioU: Release Build 2019-09-21 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment engineering workstations running LeviStudioU from general corporate email and file-sharing networks using network access controls