CVE-2020-25199
Published: 2020-12-09
Priority: P3 · 37 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.24% (65.6th percentile)
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| we-con | levistudiou | <= 2019-09-21 | — |
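CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |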
CISA ICS
WECON LeviStudioU (Update C)
cisa_ics·2020-10-29·CVSS 7.8
[HIGH] WECON LeviStudioU (Update C)
ICS Advisory
## WECON LeviStudioU (Update C)
Last Revised: December 03, 2020
Alert Code: ICSA-20-238-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low skill level to exploit
- Vendor: WECON Technology Co., Ltd (WECON)
- Equipment: LeviStudioU
--------- Begin Update C Part 1 of 3 ---------
- Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference, Heap-based Buffer Overflow
--------- End Update C Part 1 of 3 ---------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-238-03 WECON LeviStudioU
GHSA
GHSA-v9wv-gjqw-3pfr: A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files
ghsa_unreviewed·2022-05-24
CVE-2020-25199 [HIGH] CWE-787 GHSA-v9wv-gjqw-3pfr: A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-12-09: Published