CVE-2018-7527
published 2018-04-26
Priority P4 · 21 · medium · 5.3 · CVSS 3.0
AV:L / AC:L / PR:N / UI:R / S:U / C:L / I:L / A:L
EPSS
0.73%
49.7th percentile
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| we-con | levistudio_hmi_editor | — | — |
| we-con | levistudiou | <= 1.8.29 | — |
| we-con | pi_studio_hmi_project_programmer | <= 2017-11-11 | — |
| wecon_technology_co_ltd | levistudio_hmi_editor | — | — |
| wecon_technology_co_ltd | pi_studio_hmi_project_programmer | — | — |
CVSS provenance
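| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |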
CISA ICS
WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer
cisa_ics·2018-04-26·CVSS 5.3
[MEDIUM] WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer
ICS Advisory
## WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer
Last Revised: April 26, 2018
Alert Code: ICSA-18-116-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.9
- ATTENTION: Low skill level to exploit.
- Vendor: WECON Technology Co., Ltd. (WECON)
- Equipment: LeviStudio HMI Editor, and PI Studio HMI Project Programmer
- Vulnerabilities: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of LEVI Studio H
GHSA
GHSA-4r6c-hgqq-rr35: A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1
ghsa_unreviewed·2022-05-13
CVE-2018-7527 [MEDIUM] CWE-119 GHSA-4r6c-hgqq-rr35: A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-04-26