13 vulnerabilities found for levistudiou by wecon
VAR-201809-0087
Vulnerability from variot - Updated: 2024-07-23 22:41
WECON LeviStudio versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levistudiou",
"scope": null,
"trust": 10.5,
"vendor": "wecon",
"version": null
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 1.6,
"vendor": "we con",
"version": "1.8.44"
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 1.6,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 0.6,
"vendor": "wecon",
"version": "1.8.29"
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 0.6,
"vendor": "wecon",
"version": "1.8.44"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudiou",
"version": "1.8.29"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudiou",
"version": "1.8.44"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-310"
},
{
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levistudiou:1.8.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:we-con:levistudiou:1.8.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mat Powell of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
}
],
"trust": 9.8
},
"cve": "CVE-2018-10602",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10602",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 10.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-14455",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-10602",
"trust": 10.5,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10602",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-14455",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-310",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-310"
},
{
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10602"
},
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
}
],
"trust": 11.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10602",
"trust": 12.9
},
{
"db": "ICS CERT",
"id": "ICSA-18-212-03",
"trust": 2.2
},
{
"db": "BID",
"id": "104935",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2018-14455",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-310",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5905",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-824",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5909",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-828",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5870",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-805",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5931",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-850",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5794",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-791",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5903",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-822",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5913",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-832",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5923",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-842",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5787",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-784",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5938",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-857",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6067",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-997",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5798",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-794",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5945",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-862",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5868",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-804",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5933",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-852",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2F727B1-39AB-11E9-8FF0-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-310"
},
{
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"id": "VAR-201809-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
}
]
},
"last_update_date": "2024-07-23T22:41:16.554000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wecon has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline. 03/07/18 - ZDI disclosed the report to ICS-CERT; 03/12/18 - ICS-CERT assigned ICS\u2011VU\u2011031741 and notified ZDI; 07/06/18 - ZDI inquired the status of ICS\u2011VU\u2011031741; 07/09/18 - ICS-CERT replied that they would advise the vendor; 07/19/18 - ZDI advised ICS-CERT of the intended 0-day date: 07/26/2018 -- Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
"trust": 10.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-212-03"
},
{
"title": "WECON (wei control) LeviStudioU stack heap buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/136079"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 12.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-212-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104935"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-310"
},
{
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-310"
},
{
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-02T00:00:00",
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"date": "2018-09-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"date": "2018-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"date": "2018-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"date": "2018-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-310"
},
{
"date": "2018-09-26T18:29:00.323000",
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-824"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-828"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-805"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-850"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-791"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-822"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-832"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-842"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-784"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-857"
},
{
"date": "2018-09-05T00:00:00",
"db": "ZDI",
"id": "ZDI-18-997"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-794"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-862"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-804"
},
{
"date": "2018-08-02T00:00:00",
"db": "ZDI",
"id": "ZDI-18-852"
},
{
"date": "2018-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14455"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-310"
},
{
"date": "2020-08-28T13:57:20.203000",
"db": "NVD",
"id": "CVE-2018-10602"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-310"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(0Day) Wecon LeviStudioU usermanage GroupList ID Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-824"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2f727b1-39ab-11e9-8ff0-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-310"
}
],
"trust": 0.8
}
}
VAR-201801-0157
Vulnerability from variot - Updated: 2023-12-18 13:14
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. WECON Technology LEVI Studio HMI Editor contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of LeviStudioU Project files. When providing an overly long MulStatus szFilename XML attribute, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. LeviStudio HMI Editor is a human-machine interface editor from Wecon Technologies of China. Failed exploit attempts will likely cause denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levistudiou",
"scope": null,
"trust": 2.1,
"vendor": "wecon",
"version": null
},
{
"model": "levistudio hmi editor",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "levi studio hmi editor",
"scope": "lte",
"trust": 0.8,
"vendor": "wecon",
"version": "1.8.29"
},
{
"model": "levi studio hmi editor",
"scope": "lte",
"trust": 0.6,
"vendor": "wecon",
"version": "\u003c=1.8.29"
},
{
"model": "levistudio hmi editor",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.29"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.2"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.1"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudio hmi editor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:we-con:levistudio_hmi_editor_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:we-con:levistudio_hmi_editor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16739"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Gorenc - Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-125"
}
],
"trust": 0.7
},
"cve": "CVE-2017-16739",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-16739",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 2.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16739",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-00908",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-107691",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16739",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-16739",
"trust": 2.1,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-16739",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-00908",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-528",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-107691",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "VULHUB",
"id": "VHN-107691"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. WECON Technology LEVI Studio HMI Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the handling of LeviStudioU Project files. When providing an overly long MulStatus szFilename XML attribute, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. LeviStudio HMI Editor is an editor in the human-machine interface of Wecon Technologies of China. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-107691"
}
],
"trust": 4.59
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16739",
"trust": 5.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-011-01",
"trust": 3.4
},
{
"db": "BID",
"id": "102493",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-00908",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5217",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-125",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5311",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-128",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5230",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-127",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2E12EAE-39AB-11E9-87C7-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-107691",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "VULHUB",
"id": "VHN-107691"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"id": "VAR-201801-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "VULHUB",
"id": "VHN-107691"
}
],
"trust": 1.49703945
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
}
]
},
"last_update_date": "2023-12-18T13:14:03.822000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wecon has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-011-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/"
},
{
"title": "Patch for Wecon Technologies LeviStudio HMI Editor Stack Buffer Overflow Vulnerability (CNVD-2018-00908)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113411"
},
{
"title": "WECON Technology LEVI Studio HMI Editor Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77749"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107691"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "NVD",
"id": "CVE-2017-16739"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-011-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102493"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16739"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16739"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "VULHUB",
"id": "VHN-107691"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"db": "VULHUB",
"id": "VHN-107691"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-107691"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102493"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"date": "2018-01-12T20:29:00.307000",
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"date": "2018-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-125"
},
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-128"
},
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-127"
},
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00908"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-107691"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102493"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"date": "2019-10-09T23:25:15.927000",
"db": "NVD",
"id": "CVE-2017-16739"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON Technology LEVI Studio HMI Editor Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012041"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2e12eae-39ab-11e9-87c7-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-528"
}
],
"trust": 0.8
}
}
VAR-201801-0156
Vulnerability from variot - Updated: 2023-12-18 13:14
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user. WECON Technology LEVI Studio HMI Editor contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of LeviStudioU Project files. When an overly long General FigureFile XML attribute is provided, the process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. LeviStudio HMI Editor is a human-machine interface editor from Wecon Technologies of China. Failed exploit attempts will likely cause denial-of-service conditions. [Note: the sources collected in this record disagree on the attack vector (NVD's CVSS v2 vector is AV:N, its CVSS v3 vector is AV:L with UI:R); in both scorings exploitation depends on a user opening the crafted file.]
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levistudio hmi editor",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "levi studio hmi editor",
"scope": "lte",
"trust": 0.8,
"vendor": "wecon",
"version": "1.8.29"
},
{
"model": "levistudiou",
"scope": null,
"trust": 0.7,
"vendor": "wecon",
"version": null
},
{
"model": "levi studio hmi editor",
"scope": "lte",
"trust": 0.6,
"vendor": "wecon",
"version": "\u003c=1.8.29"
},
{
"model": "levistudio hmi editor",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.29"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.2"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8.1"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudio hmi editor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:we-con:levistudio_hmi_editor_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:we-con:levistudio_hmi_editor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16737"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HanM0u of CloverSec Labs",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-126"
}
],
"trust": 0.7
},
"cve": "CVE-2017-16737",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16737",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-16737",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-00907",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-107689",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16737",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16737",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-16737",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-00907",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-529",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-107689",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "VULHUB",
"id": "VHN-107689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user. WECON Technology LEVI Studio HMI Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the handling of LeviStudioU Project files. When providing an overly long General FigureFile XML attribute, the process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. LeviStudio HMI Editor is an editor in the human-machine interface of Wecon Technologies of China. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-107689"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16737",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-011-01",
"trust": 3.4
},
{
"db": "BID",
"id": "102493",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-00907",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5229",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-126",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2E155C1-39AB-11E9-BEB3-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-107689",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "VULHUB",
"id": "VHN-107689"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"id": "VAR-201801-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "VULHUB",
"id": "VHN-107689"
}
],
"trust": 1.49703945
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
}
]
},
"last_update_date": "2023-12-18T13:14:00.548000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/"
},
{
"title": "Wecon has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-011-01"
},
{
"title": "Wecon Technologies LeviStudio HMI Editor heap buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113413"
},
{
"title": "WECON Technology LEVI Studio HMI Editor Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77750"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "NVD",
"id": "CVE-2017-16737"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-011-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102493"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16737"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16737"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "VULHUB",
"id": "VHN-107689"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"db": "VULHUB",
"id": "VHN-107689"
},
{
"db": "BID",
"id": "102493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-107689"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102493"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"date": "2018-01-12T20:29:00.260000",
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"date": "2018-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-18-126"
},
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00907"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-107689"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102493"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"date": "2019-10-09T23:25:15.783000",
"db": "NVD",
"id": "CVE-2017-16737"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON Technology LEVI Studio HMI Editor Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012040"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2e155c1-39ab-11e9-beb3-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-529"
}
],
"trust": 0.8
}
}
VAR-201804-1655
Vulnerability from variot - Updated: 2023-12-18 12:50
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10, part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior, by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe. When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1655",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levistudio hmi editor",
"scope": "eq",
"trust": 1.6,
"vendor": "we con",
"version": "1.10"
},
{
"model": "levistudio",
"scope": null,
"trust": 1.4,
"vendor": "wecon",
"version": null
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 1.1,
"vendor": "wecon",
"version": "1.8.29"
},
{
"model": "levistudiou",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "pi studio hmi project programmer",
"scope": "lte",
"trust": 1.0,
"vendor": "we con",
"version": "2017-11-11"
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.8,
"vendor": "wecon",
"version": "1.10"
},
{
"model": "pi studio hmi project programmer",
"scope": "eq",
"trust": 0.8,
"vendor": "wecon",
"version": "build: november 11"
},
{
"model": "pi studio hmi project programmer",
"scope": "lte",
"trust": 0.8,
"vendor": "wecon",
"version": "2017"
},
{
"model": "levistudiou",
"scope": null,
"trust": 0.7,
"vendor": "wecon",
"version": null
},
{
"model": "pi studio hmi project programmer",
"scope": null,
"trust": 0.7,
"vendor": "wecon",
"version": null
},
{
"model": "levistudio hmi editor",
"scope": "lte",
"trust": 0.6,
"vendor": "wecon",
"version": "\u003c=1.8.29"
},
{
"model": "pi studio hmi project programmer \u003c=november",
"scope": "eq",
"trust": 0.6,
"vendor": "wecon",
"version": "112017"
},
{
"model": "pi studio hmi project programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "2017-11-11"
},
{
"model": "levistudiou",
"scope": "eq",
"trust": 0.6,
"vendor": "we con",
"version": "1.8.29"
},
{
"model": "pi studio hmi project programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "0"
},
{
"model": "levistudio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "1.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudio hmi editor",
"version": "1.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levistudiou",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi studio hmi programmer",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levistudio_hmi_editor:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:pi_studio_hmi_project_programmer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017-11-11",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7527"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Zelenyuk of RVRT",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
}
],
"trust": 2.1
},
"cve": "CVE-2018-7527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7527",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 2.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7527",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-08900",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7527",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-7527",
"trust": 2.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7527",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-08900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1462",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe. When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon Products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
}
],
"trust": 5.13
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7527",
"trust": 6.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-116-02",
"trust": 3.3
},
{
"db": "BID",
"id": "104016",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2018-08900",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5480",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-406",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5481",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-407",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5482",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-408",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5506",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-409",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2EDD8E1-39AB-11E9-B1AA-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"id": "VAR-201804-1655",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
}
],
"trust": 1.3885025
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
}
]
},
"last_update_date": "2023-12-18T12:50:46.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wecon has issued an update to correct this vulnerability.",
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-116-02"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/index.aspx"
},
{
"title": "Patches for multiple WECON product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/128121"
},
{
"title": "Multiple WECON Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79723"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 6.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-116-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/104016"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7527"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7527"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"db": "BID",
"id": "104016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-04T00:00:00",
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"date": "2018-05-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"date": "2018-04-26T00:00:00",
"db": "BID",
"id": "104016"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"date": "2018-04-26T20:29:00.523000",
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"date": "2018-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-406"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-407"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-408"
},
{
"date": "2018-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-18-409"
},
{
"date": "2018-05-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08900"
},
{
"date": "2018-04-26T00:00:00",
"db": "BID",
"id": "104016"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005009"
},
{
"date": "2019-10-09T23:42:23.267000",
"db": "NVD",
"id": "CVE-2018-7527"
},
{
"date": "2020-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wecon LeviStudioU of LeviStudio HMI Editor and PI Studio HMI Project Programmer Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005009"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1462"
}
],
"trust": 0.8
}
}
CVE-2021-23138 (GCVE-0-2021-23138)
Vulnerability from cvelistv5 – Published: 2022-01-14 19:10 – Updated: 2025-04-16 18:02
- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version |
|---|---|---|
| WECON | LeviStudioU | Affected: All, ≤ 2019-09-21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:38.898270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:02:02.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T09:06:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
],
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T19:09:00.000Z",
"ID": "CVE-2021-23138",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
]
},
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-23138",
"datePublished": "2022-01-14T19:10:41.500Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:02:02.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23157 (GCVE-0-2021-23157)
Vulnerability from cvelistv5 – Published: 2022-01-14 19:10 – Updated: 2025-04-16 18:02
- CWE-122 - Heap-based Buffer Overflow
| Vendor | Product | Version |
|---|---|---|
| WECON | LeviStudioU | Affected: All, ≤ 2019-09-21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:41.848676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:02:12.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T09:06:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
],
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T19:09:00.000Z",
"ID": "CVE-2021-23157",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
]
},
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-23157",
"datePublished": "2022-01-14T19:10:40.173Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:02:12.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43983 (GCVE-0-2021-43983)
Vulnerability from cvelistv5 – Published: 2021-12-13 15:48 – Updated: 2024-09-17 01:26
- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version |
|---|---|---|
| WECON | LeviStudioU | Affected: All, ≤ 2019-09-21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T14:07:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
],
"source": {
"advisory": "ICSA-21-343-02",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-09T22:34:00.000Z",
"ID": "CVE-2021-43983",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
]
},
"source": {
"advisory": "ICSA-21-343-02",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43983",
"datePublished": "2021-12-13T15:48:06.183569Z",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-09-17T01:26:17.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4533 (GCVE-0-2016-4533)
Vulnerability from cvelistv5 – Published: 2016-07-12 01:00 – Updated: 2024-08-06 00:32
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4533",
"datePublished": "2016-07-12T01:00:00",
"dateReserved": "2016-05-05T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23138 (GCVE-0-2021-23138)
Vulnerability from nvd – Published: 2022-01-14 19:10 – Updated: 2025-04-16 18:02
- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version |
|---|---|---|
| WECON | LeviStudioU | Affected: All, ≤ 2019-09-21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:38.898270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:02:02.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T09:06:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
],
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T19:09:00.000Z",
"ID": "CVE-2021-23138",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
]
},
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-23138",
"datePublished": "2022-01-14T19:10:41.500Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:02:02.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23157 (GCVE-0-2021-23157)
Vulnerability from nvd – Published: 2022-01-14 19:10 – Updated: 2025-04-16 18:02
- CWE-122 - Heap-based Buffer Overflow
| Vendor | Product | Version |
|---|---|---|
| WECON | LeviStudioU | Affected: All, ≤ 2019-09-21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:41.848676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:02:12.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T09:06:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
],
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T19:09:00.000Z",
"ID": "CVE-2021-23157",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
]
},
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-23157",
"datePublished": "2022-01-14T19:10:40.173Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:02:12.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43983 (GCVE-0-2021-43983)
Vulnerability from nvd – Published: 2021-12-13 15:48 – Updated: 2024-09-17 01:26
- CWE-121 - Stack-based Buffer Overflow
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Vendor | Product | Version |
|---|---|---|
| WECON | LeviStudioU | Affected: All, ≤ 2019-09-21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T14:07:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
],
"source": {
"advisory": "ICSA-21-343-02",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-09T22:34:00.000Z",
"ID": "CVE-2021-43983",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
]
},
"source": {
"advisory": "ICSA-21-343-02",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43983",
"datePublished": "2021-12-13T15:48:06.183569Z",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-09-17T01:26:17.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4533 (GCVE-0-2016-4533)
Vulnerability from nvd – Published: 2016-07-12 01:00 – Updated: 2024-08-06 00:32
- n/a
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4533",
"datePublished": "2016-07-12T01:00:00",
"dateReserved": "2016-05-05T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2016-4533
Vulnerability from fkie_nvd - Published: 2016-07-12 02:00 - Updated: 2025-04-12 10:46

| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/91522 | Third Party Advisory, VDB Entry |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91522 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01 | Third Party Advisory, US Government Resource |
| Vendor | Product | Version |
|---|---|---|
| wecon | levistudiou | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wecon:levistudiou:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2110CA2-A7B2-476F-8363-68C173A095CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en WECON LeviStudio permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-4533",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-12T02:00:10.973",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}