CVE-2020-16243
Published 2021-02-23
CVE-2020-16243: Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project…
Priority P347 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 12.01% (95.6th percentile)
Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| we-con | levistudiou | <= 2019-09-21 | — |
| we-con | levistudiou | — | — |
CVSS provenance
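| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |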
CISA ICS
WECON LeviStudioU (Update C)
cisa_ics·2020-10-29·CVSS 7.8
[HIGH] WECON LeviStudioU (Update C)
ICS Advisory
WECON LeviStudioU (Update C)
Last Revised: December 03, 2020
Alert Code: ICSA-20-238-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low skill level to exploit
- Vendor: WECON Technology Co., Ltd (WECON)
- Equipment: LeviStudioU
--------- Begin Update C Part 1 of 3 ---------
- Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference, Heap-based Buffer Overflow
--------- End Update C Part 1 of 3 ---------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-238-03 WECON LeviStudioU
GHSA
GHSA-fj3m-f5px-cp9p: Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files
ghsa_unreviewed·2022-05-24
CVE-2020-16243 [HIGH] CWE-787 GHSA-fj3m-f5px-cp9p: Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-02-23