OTPulse

WECON PLC Editor

Monitor · CVSS 7.8 · ICS-CERT ICSA-21-315-01 · Nov 11, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

WECON PLC Editor versions 1.3.8 and earlier contain buffer overflow vulnerabilities (CWE-121, CWE-787) that could allow arbitrary code execution on a machine where the software is installed. The vulnerabilities are not remotely exploitable and require user interaction (opening a malicious file or clicking a link). WECON has not provided patches or engaged with CISA to address these issues. No public exploits exist for these vulnerabilities.

What this means
What could happen
An attacker with local access to a machine running PLC Editor could execute arbitrary code, potentially allowing them to modify PLC programs or steal engineering credentials used to manage manufacturing control systems.
Who's at risk
Manufacturing facilities that use WECON PLC Editor to program or maintain PLCs. This affects engineering teams and control system technicians who rely on this tool. Small to medium plants using WECON equipment for process automation are most at risk if they do not have network segmentation between engineering workstations and production PLCs.
How it could be exploited
An attacker would need to trick a user into opening a malicious file or clicking a link while logged into a machine with PLC Editor installed. The vulnerability (buffer overflow) could then allow the attacker to run commands with the privileges of the user running PLC Editor. If that user has access to actual PLCs on the network, the attacker could then modify control logic or configurations.
Prerequisites
  • Local access to a machine running PLC Editor version 1.3.8 or earlier
  • User interaction required—victim must open a malicious file or click a link
  • Attacker cannot reach the PLC Editor machine remotely without first compromising another system on the network
no patch available · buffer overflow vulnerability (stack/heap overflow) · local access only (not remotely exploitable) · requires user interaction
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
PLC Editor | ≤ 1.3.8 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Train users and engineering staff not to open unsolicited email attachments or click links from untrusted sources on machines with PLC Editor installed
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Do not use PLC Editor version 1.3.8 or earlier; upgrade to a newer version if available or transition to an alternative engineering tool if WECON does not release a patch
Mitigations - no patch available
PLC Editor has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict PLC Editor installation to isolated engineering workstations that are not directly connected to the production network
HARDENING: Implement application whitelisting or file integrity monitoring on machines running PLC Editor to detect unauthorized changes
WECON PLC Editor | CVSS 7.8 - OTPulse