WECON LeviStudioU
Monitor | 7.8 | ICS-CERT ICSA-21-355-03 | Dec 21, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
WECON LeviStudioU versions up to 2019-09-21 contain buffer overflow vulnerabilities (CWE-121, CWE-122) that allow local code execution. WECON has not responded to CISA requests to develop a fix. No public exploits currently target these vulnerabilities, and exploitation requires local access to an affected workstation.
What this means
What could happen
An attacker with local access to a machine running LeviStudioU could execute arbitrary code with the privileges of the logged-in user, potentially compromising engineering workstations and the configurations they manage for PLCs or other industrial devices.
Who's at risk
This affects anyone running WECON LeviStudioU engineering software on workstations used to configure or manage PLCs and industrial control systems. This includes manufacturing plants, utilities, water treatment facilities, and any site using WECON PLCs for process automation.
How it could be exploited
An attacker must first gain local access to a workstation running LeviStudioU, typically through social engineering (phishing emails with malicious attachments or links), physical access, or compromised credentials. Once local access is obtained, the vulnerability allows code execution without elevated privileges and with no user interaction beyond opening a malicious file.
Prerequisites
- Local access to a workstation running LeviStudioU
- User interaction required: opening a malicious file or link
- No elevated privileges required
- No patch available
- End-of-life product (vendor unresponsive)
- Low complexity exploitation
- Affects engineering workstations with access to critical infrastructure
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product | Affected Versions | Fix Status
LeviStudioU | ≤ 2019-09-21 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Contact WECON technical support for mitigation guidance and workaround information.
- HARDENING: Implement email security controls to block unsolicited attachments and suspicious links; educate staff on recognizing phishing and social engineering attacks.
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
- HARDENING: Restrict LeviStudioU workstations to an isolated engineering network segment with no direct internet access; limit user accounts to non-administrative roles.
Mitigations - no patch available
LeviStudioU has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Perform a risk assessment to determine if LeviStudioU can be replaced with a vendor-supported alternative or if continued use is justified given the lack of vendor support.
CVEs (2)
API:
/api/v1/advisories/4ec21f6b-f90a-474c-824b-108c344659ce