VAR-201712-0116
Vulnerability from variot - Updated: 2023-12-18 12:57A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. WECON LeviStudio HMI Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the handling of LeviStudio Project files. When parsing the Driver field, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. WECON LeviStudio is an HMI programming software. Wecon LEVI Studio HMI is prone to heap-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "levi studio hmi",
"scope": "eq",
"trust": 1.6,
"vendor": "we con",
"version": null
},
{
"model": "levistudio",
"scope": null,
"trust": 1.5,
"vendor": "wecon",
"version": null
},
{
"model": "levistudio hmi",
"scope": null,
"trust": 0.6,
"vendor": "wecon",
"version": null
},
{
"model": "levi studio hmi editor",
"scope": "eq",
"trust": 0.3,
"vendor": "wecon",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "levi studio hmi",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:we-con:levi_studio_hmi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael DePlante",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "BID",
"id": "102230"
}
],
"trust": 1.0
},
"cve": "CVE-2017-16717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16717",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37689",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-16717",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16717",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-16717",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-37689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-742",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. WECON LeviStudio HMI Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the handling of LeviStudio Project files. When parsing the Driver field, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. WECON LeviStudio is an HMI programming software. Wecon LEVI Studio HMI is prone to heap-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16717",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-353-05",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2017-37689",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5085",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-1001",
"trust": 0.7
},
{
"db": "BID",
"id": "102230",
"trust": 0.3
},
{
"db": "IVD",
"id": "E2DFF630-39AB-11E9-80C8-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"id": "VAR-201712-0116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
}
],
"trust": 1.61578945
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
}
]
},
"last_update_date": "2023-12-18T12:57:10.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.we-con.com.cn/en/index.aspx"
},
{
"title": "Wecon has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-05"
},
{
"title": "WECON LeviStudio patch for HMI heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111281"
},
{
"title": "WECON LeviStudio HMI Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77234"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-05"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16717"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16717"
},
{
"trust": 0.3,
"url": "http://www.we-con.com.cn/en/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"db": "BID",
"id": "102230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-21T00:00:00",
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102230"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"date": "2017-12-20T19:29:00.207000",
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "ZDI",
"id": "ZDI-17-1001"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37689"
},
{
"date": "2017-12-19T00:00:00",
"db": "BID",
"id": "102230"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"date": "2019-10-09T23:25:14.003000",
"db": "NVD",
"id": "CVE-2017-16717"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WECON LeviStudio HMI Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011779"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2dff630-39ab-11e9-80c8-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-742"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…