9 vulnerabilities found for levistudio by wecon
VAR-201607-0453
Vulnerability from variot - Updated: 2023-12-18 13:03
Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file. WECON LeviStudio is HMI programming software. WECON LeviStudio is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploit attempts will likely result in denial-of-service conditions. (The NVD CVSS v3 vector recorded for this entry is AV:L/UI:R, i.e. exploitation depends on a user opening the crafted file.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0453",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levistudio",
"scope": "eq",
"trust": 1.6,
"vendor": "wecon",
"version": null
},
{
"model": "levistudio",
"scope": null,
"trust": 1.4,
"vendor": "wecon",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudio",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wecon:levistudio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5781"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rocco Calvi,Brian Gorenc - HPE Zero Day Initiative.",
"sources": [
{
"db": "BID",
"id": "91522"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5781",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5781",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-04734",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5781",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5781",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-04734",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-093",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file. WECON LeviStudio is the HMI programming software. WECON LeviStudio is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"db": "BID",
"id": "91522"
},
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5781",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-189-01",
"trust": 2.4
},
{
"db": "BID",
"id": "91522",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2016-04734",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-093",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003747",
"trust": 0.8
},
{
"db": "IVD",
"id": "F265B32C-F8C3-47F6-9264-0668B5F3E59F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"db": "BID",
"id": "91522"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
]
},
"id": "VAR-201607-0453",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
}
]
},
"last_update_date": "2023-12-18T13:03:17.727000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LeviStudio",
"trust": 0.8,
"url": "http://we-con.pl/levistudiou/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"db": "NVD",
"id": "CVE-2016-5781"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-189-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/91522"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5781"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5781"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"db": "BID",
"id": "91522"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-13T00:00:00",
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"date": "2016-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"date": "2016-06-30T00:00:00",
"db": "BID",
"id": "91522"
},
{
"date": "2016-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"date": "2016-07-12T02:00:13.847000",
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"date": "2016-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04734"
},
{
"date": "2016-07-08T21:15:00",
"db": "BID",
"id": "91522"
},
{
"date": "2016-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003747"
},
{
"date": "2016-11-28T20:29:25.860000",
"db": "NVD",
"id": "CVE-2016-5781"
},
{
"date": "2016-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON LeviStudio Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNVD",
"id": "CNVD-2016-04734"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "f265b32c-f8c3-47f6-9264-0668b5f3e59f"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-093"
}
],
"trust": 0.8
}
}
VAR-201712-0116
Vulnerability from variot - Updated: 2023-12-18 12:57
A heap-based buffer overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. WECON LeviStudio HMI contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of LeviStudio Project files. When parsing the Driver field, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. WECON LeviStudio is HMI programming software. Wecon LEVI Studio HMI is prone to a heap-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. (The NVD CVSS v3 vector recorded for this entry lists UI:N, whereas this description states that user interaction is required; the two should be reconciled when prioritising.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levi studio hmi",
"scope": "eq",
"trust": 1.6,
"vendor": "we con",
"version": null
},
{
"model": "levistudio",
"scope": null,
"trust": 1.5,
"vendor": "wecon",
"version": null
},
{
"model": "levistudio hmi",
"scope": null,
"trust": 0.6,
"vendor": "wecon",
"version": null
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levi studio hmi",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levi_studio_hmi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael DePlante",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "BID",
"id": "102230"
}
],
"trust": 1.0
},
"cve": "CVE-2017-16717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16717",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37689",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-16717",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16717",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-16717",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-37689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-742",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. WECON LeviStudio HMI Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the handling of LeviStudio Project files. When parsing the Driver field, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. WECON LeviStudio is an HMI programming software. Wecon LEVI Studio HMI is prone to heap-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16717",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-353-05",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2017-37689",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5085",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-1001",
"trust": 0.7
},
{
"db": "BID",
"id": "102230",
"trust": 0.3
},
{
"db": "IVD",
"id": "E2DFF630-39AB-11E9-80C8-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"id": "VAR-201712-0116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
}
],
"trust": 1.61578945
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
}
]
},
"last_update_date": "2023-12-18T12:57:10.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/index.aspx"
},
{
"title": "Wecon has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-05"
},
{
"title": "WECON LeviStudio patch for HMI heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111281"
},
{
"title": "WECON LeviStudio HMI Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77234"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-05"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16717"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16717"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102230"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"date": "2017-12-20T19:29:00.207000",
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102230"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"date": "2019-10-09T23:25:14.003000",
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON LeviStudio HMI Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
],
"trust": 0.8
}
}
VAR-201804-1655
Vulnerability from variot - Updated: 2023-12-18 12:50
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10, part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior, by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe. When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1655",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levistudio hmi editor",
"scope": "eq",
"trust": 1.6,
"vendor": "we con",
"version": "1.10"
},
{
"model": "levistudio",
"scope": null,
"trust": 1.4,
"vendor": "wecon",
"version": null
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 1.1,
"vendor": "wecon",
"version": "1.8.29"
},
{
"model": "levistudiou",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "pi studio hmi project programmer",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "2017-11-11"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.8,
"vendor": "wecon",
"version": "1.10"
},
{
"model": "pi studio hmi project programmer",
"scope": "eq",
"trust": 0.8,
"vendor": "wecon",
"version": "build: november 11"
},
{
"model": "pi studio hmi project programmer",
"scope": "lte",
"trust": 0.8,
"vendor": "wecon",
"version": "2017"
},
{
"model": "levistudiou",
"scope": null,
"trust": 0.7,
"vendor": "wecon",
"version": null
},
{
"model": "pi studio hmi project programmer",
"scope": null,
"trust": 0.7,
"vendor": "wecon",
"version": null
},
{
"model": "levistudio hmi editor",
"scope": "lte",
"trust": 0.6,
"vendor": "wecon",
"version": "\u003c=1.8.29"
},
{
"model": "pi studio hmi project programmer \u003c=november",
"scope": "eq",
"trust": 0.6,
"vendor": "wecon",
"version": "112017"
},
{
"model": "pi studio hmi project programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "2017-11-11"
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "pi studio hmi project programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "0"
},
{
"model": "levistudio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudio hmi editor",
"version": "1.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudiou",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi studio hmi programmer",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levistudio_hmi_editor:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:pi_studio_hmi_project_programmer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017-11-11",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7527"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Zelenyuk of RVRT",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
}
],
"trust": 2.1
},
"cve": "CVE-2018-7527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7527",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 2.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7527",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-08900",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7527",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-7527",
"trust": 2.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7527",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-08900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1462",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe. When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon Products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
}
],
"trust": 5.13
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7527",
"trust": 6.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-116-02",
"trust": 3.3
},
{
"db": "BID",
"id": "104016",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2018-08900",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5480",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-406",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5481",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-407",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5482",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-408",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5506",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-409",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2EDD8E1-39AB-11E9-B1AA-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"id": "VAR-201804-1655",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
}
],
"trust": 1.3885025
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
}
]
},
"last_update_date": "2023-12-18T12:50:46.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wecon has issued an update to correct this vulnerability.",
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-116-02"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/index.aspx"
},
{
"title": "Patches for multiple WECON product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/128121"
},
{
"title": "Multiple WECON Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79723"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 6.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-116-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/104016"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7527"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7527"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-04T00:00:00",
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"date": "2018-05-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"date": "2018-04-26T00:00:00",
"db": "BID",
"id": "104016"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"date": "2018-04-26T20:29:00.523000",
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"date": "2018-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"date": "2018-05-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"date": "2018-04-26T00:00:00",
"db": "BID",
"id": "104016"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"date": "2019-10-09T23:42:23.267000",
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"date": "2020-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wecon LeviStudioU of LeviStudio HMI Editor and PI Studio HMI Project Programmer Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
],
"trust": 0.8
}
}
VAR-201704-1016
Vulnerability from variot - Updated: 2023-12-18 12:44
A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system. WECON products are widely used in machinery, metallurgy, chemical, petroleum and other industries. An attacker could exploit the vulnerability to execute arbitrary code in the context of the user running the affected application. 1. A stack-based buffer-overflow vulnerability 2. Failed exploit attempts will likely cause denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levi studio hmi editor",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "1.8.0"
},
{
"model": "levistudio",
"scope": "lt",
"trust": 0.8,
"vendor": "wecon",
"version": "hmi editor 1.8.1"
},
{
"model": "levi studio hmi editor",
"scope": "lt",
"trust": 0.6,
"vendor": "wecon",
"version": "1.8.1"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "1.8.0"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "0"
},
{
"model": "levi studio hmi editor",
"scope": "ne",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levi studio hmi editor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levi_studio_hmi_editor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6035"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "working with iDefense Labs.,Andrea (rgod) Micalizzi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
],
"trust": 0.6
},
"cve": "CVE-2017-6035",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6035",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-05683",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6035",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6035",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-05683",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-976",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system. WECON products are widely used in machinery, metallurgy, chemical, petroleum and other industries. An attacker could exploit the vulnerability to execute arbitrary code in the context of the user running the affected application. \n1. A stack-based buffer-overflow vulnerability\n2. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6035",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-103-01",
"trust": 2.7
},
{
"db": "BID",
"id": "97639",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-05683",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631",
"trust": 0.8
},
{
"db": "IVD",
"id": "0228E4FF-A75C-486A-BF64-87462B6E7289",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"id": "VAR-201704-1016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
}
],
"trust": 1.4315789
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
}
]
},
"last_update_date": "2023-12-18T12:44:39.381000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/"
},
{
"title": "Wecon Technologies LEVI Studio HMI Editor Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/92972"
},
{
"title": "Wecon Technologies LEVI Studio HMI Editor Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70245"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "NVD",
"id": "CVE-2017-6035"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-103-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/97639"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6035"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6035"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-01T00:00:00",
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"date": "2017-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"date": "2017-04-13T00:00:00",
"db": "BID",
"id": "97639"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"date": "2017-04-27T00:59:00.147000",
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05683"
},
{
"date": "2017-04-18T00:06:00",
"db": "BID",
"id": "97639"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003631"
},
{
"date": "2019-10-09T23:28:36.263000",
"db": "NVD",
"id": "CVE-2017-6035"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wecon Technologies LEVI Studio HMI Editor Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05683"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "0228e4ff-a75c-486a-bf64-87462b6e7289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-976"
}
],
"trust": 0.8
}
}
VAR-201704-1017
Vulnerability from variot - Updated: 2023-12-18 12:44
A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system. 1. A stack-based buffer-overflow vulnerability 2. Failed exploit attempts will likely cause denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levi studio hmi editor",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "1.8.0"
},
{
"model": "levistudio",
"scope": "lt",
"trust": 0.8,
"vendor": "wecon",
"version": "hmi editor 1.8.1"
},
{
"model": "levi studio hmi editor",
"scope": "lt",
"trust": 0.6,
"vendor": "wecon",
"version": "1.8.1"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "1.8.0"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "0"
},
{
"model": "levi studio hmi editor",
"scope": "ne",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levi studio hmi editor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levi_studio_hmi_editor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "working with iDefense Labs.,Andrea (rgod) Micalizzi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
],
"trust": 0.6
},
"cve": "CVE-2017-6037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6037",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-07228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6037",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6037",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07228",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-977",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system. \n1. A stack-based buffer-overflow vulnerability\n2. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6037",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-103-01",
"trust": 3.3
},
{
"db": "BID",
"id": "97639",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-07228",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632",
"trust": 0.8
},
{
"db": "IVD",
"id": "F46BFC63-C02A-4550-8EEA-1742E10A0209",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"id": "VAR-201704-1017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
}
],
"trust": 1.4315789
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
}
]
},
"last_update_date": "2023-12-18T12:44:39.346000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/"
},
{
"title": "Wecon Technologies LEVI Studio HMI Editor Patch Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94066"
},
{
"title": "Wecon Technologies LEVI Studio HMI Editor Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70246"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "NVD",
"id": "CVE-2017-6037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-103-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/97639"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6037"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6037"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"db": "BID",
"id": "97639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"date": "2017-04-13T00:00:00",
"db": "BID",
"id": "97639"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"date": "2017-04-27T00:59:00.290000",
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07228"
},
{
"date": "2017-04-18T00:06:00",
"db": "BID",
"id": "97639"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003632"
},
{
"date": "2019-10-09T23:28:36.543000",
"db": "NVD",
"id": "CVE-2017-6037"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wecon Technologies LEVI Studio HMI Editor Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNVD",
"id": "CNVD-2017-07228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "f46bfc63-c02a-4550-8eea-1742e10a0209"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-977"
}
],
"trust": 0.8
}
}
VAR-201805-1193
Vulnerability from variot - Updated: 2022-05-17 02:10
WECON LeviStudio is a suite of human-machine interface (HMI) programming software from the Chinese company WECON.
WECON LeviStudio has a heap overflow vulnerability. An attacker could exploit the vulnerability to crash the program by constructing a malformed hmp file. Successful exploitation can lead to arbitrary code execution.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levistudio",
"scope": "eq",
"trust": 0.8,
"vendor": "wecon",
"version": "20180426"
}
],
"sources": [
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-09981",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-09981",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON LeviStudio is a set of human-machine interface programming software from China WECON company. \n\nWECON LeviStudio has a heap overflow vulnerability. An attacker could exploit the vulnerability to cause the program to crash by constructing a malformed hmp file. If used successfully, it can lead to arbitrary code execution",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09981"
},
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09981",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EFFBC1-39AB-11E9-8633-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"id": "VAR-201805-1193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"last_update_date": "2022-05-17T02:10:30.249000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LeviStudio has a heap overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/128685"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
},
{
"date": "2018-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09981"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON LeviStudio has a heap overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09981"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2effbc1-39ab-11e9-8633-000c29342cb1"
}
],
"trust": 0.2
}
}
FKIE_CVE-2016-5781
Vulnerability from fkie_nvd - Published: 2016-07-12 02:00 - Updated: 2025-04-12 10:46

| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/91522 | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91522 | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01 | Third Party Advisory, US Government Resource |

| Vendor | Product | Version |
|---|---|---|
| wecon | levistudio | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wecon:levistudio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50EE4EAD-9C47-4F2C-B338-6AB9AF8D5A09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "libs/binder/Parcel.cpp en las Parcels Framework APIs en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01 no valida el valor de retorno de la llamada al sistema dup, lo que permite a atacantes eludir un mecanismo de protecci\u00f3n por aislamiento a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocido como error interno 28395952."
}
],
"id": "CVE-2016-5781",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-12T02:00:13.847",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-5781 (GCVE-0-2016-5781)
Vulnerability from cvelistv5 – Published: 2016-07-12 01:00 – Updated: 2024-08-06 01:15
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:08.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-5781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-5781",
"datePublished": "2016-07-12T01:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:08.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5781 (GCVE-0-2016-5781)
Vulnerability from nvd – Published: 2016-07-12 01:00 – Updated: 2024-08-06 01:15
- n/a
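| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/91522 | vdb-entry, x_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01 | x_refsource_MISC |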
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:08.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-5781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-5781",
"datePublished": "2016-07-12T01:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:08.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}