OTPulse

WECON PLC Editor

Monitor · 7.8 · ICS-CERT ICSA-20-310-01 · Nov 5, 2020
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

WECON PLC Editor versions 1.3.8 and earlier contain memory corruption vulnerabilities (CWE-121 stack-based buffer overflow, CWE-122 heap-based buffer overflow) that allow local code execution under the privileges of the application. These vulnerabilities are not remotely exploitable and require local access to the workstation. WECON is developing a solution and recommends contacting them for updates. No public exploits are known.

What this means
What could happen
An attacker with local access to a PLC Editor workstation could execute arbitrary code with application privileges, potentially compromising engineering files or the integrity of PLC programs before they are deployed to production systems.
Who's at risk
Manufacturing facilities using WECON PLC Editor for program development and deployment should be concerned. This affects engineering and operations teams who use the Editor workstation to create, modify, and test PLC programs before sending them to production control systems.
How it could be exploited
An attacker must first gain local access to a machine running PLC Editor (e.g., through social engineering, phishing, or physical access). Once on the workstation, the attacker can trigger a memory corruption vulnerability (stack or heap buffer overflow) to execute code under the application's privileges. The attack requires user interaction or specific conditions to trigger the vulnerability.
Prerequisites
  • Local access to the PLC Editor workstation
  • PLC Editor version 1.3.8 or earlier installed
  • User interaction to open a malicious file or trigger the vulnerability
  • No patch available
  • Memory corruption vulnerability (stack/heap buffer overflow)
  • Local access required but reachable via social engineering
  • Affects engineering integrity: compromised PLC programs could alter plant operations
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product       Affected Versions   Fix Status
PLC Editor    ≤ 1.3.8             No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict physical and remote access to engineering workstations running PLC Editor using network segmentation and strong access controls
WORKAROUND: Train staff to avoid opening unsolicited email attachments and clicking suspicious links that may deliver malicious files to engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Monitor WECON vendor communications and security advisories for availability of a patched version; contact WECON directly at 0086-591-87868869-894 or online for patch status
Mitigations - no patch available
PLC Editor has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Discontinue use of PLC Editor version 1.3.8 and earlier until a patched version is available from WECON