CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
88.3%
**ATTENTION:**Locally exploitable/low skill level to exploit.
Vendor: WECON Technology Co., Ltd. (WECON)
**Equipment:**LeviStudio HMI Editor
Vulnerabilities: Buffer Overflows
The following versions of LEVI Studio HMI Editor, an HMI programming software product, are affected:
Successful exploitation of these vulnerabilities may result in arbitrary code execution.
WECON recommends that users update to the latest version, which can be found at the following location:
<http://www.we-con.com.cn/en/download.aspx?id=45>
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICSβCERT Technical Information Paper, ICS-TIP-12-146-01BβTargeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.
CVE-2017-16739 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).
A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.
CVE-2017-16737 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).
Sergey Zelenyuk of RVRT, HanM0u of CloverSec Labs working with Trend Microβs Zero Day Initiative, and Brian Gorenc of Trend Microβs Zero Day Initiative reported the vulnerabilities to ICS-CERT.
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems.
Countries/Areas Deployed: Worldwide
Company Headquarters Location: China
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16737
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16739
www.we-con.com.cn/en/download.aspx?id=45
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-18-011-01
cwe.mitre.org/data/definitions/121.html
cwe.mitre.org/data/definitions/122.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=WECON%20Technology%20Co.%2C%20Ltd.%20LeviStudio%20HMI%20Editor+https://www.cisa.gov/news-events/ics-advisories/icsa-18-011-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-18-011-01&title=WECON%20Technology%20Co.%2C%20Ltd.%20LeviStudio%20HMI%20Editor
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-18-011-01
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=WECON%20Technology%20Co.%2C%20Ltd.%20LeviStudio%20HMI%20Editor&body=www.cisa.gov/news-events/ics-advisories/icsa-18-011-01
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
88.3%