Vulnerabilites related to ICS-CERT - WECON LeviStudioU
CVE-2019-6539 (GCVE-0-2019-6539)
Vulnerability from cvelistv5
Published
2019-02-13 00:00
Modified
2024-09-16 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based buffer overflow
Summary
Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106861 | vdb-entry, x_refsource_BID | |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | WECON LeviStudioU |
Version: LeviStudioU Versions 1.8.56 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WECON LeviStudioU",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based buffer overflow CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-02-05T00:00:00",
"ID": "CVE-2019-6539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WECON LeviStudioU",
"version": {
"version_data": [
{
"version_value": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106861"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6539",
"datePublished": "2019-02-13T00:00:00Z",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-09-16T19:56:23.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6537 (GCVE-0-2019-6537)
Vulnerability from cvelistv5
Published
2019-02-13 00:00
Modified
2024-09-16 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based buffer overflow
Summary
Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106861 | vdb-entry, x_refsource_BID | |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | WECON LeviStudioU |
Version: LeviStudioU Versions 1.8.56 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WECON LeviStudioU",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-02-05T00:00:00",
"ID": "CVE-2019-6537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WECON LeviStudioU",
"version": {
"version_data": [
{
"version_value": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106861"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6537",
"datePublished": "2019-02-13T00:00:00Z",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-09-16T23:46:28.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6541 (GCVE-0-2019-6541)
Vulnerability from cvelistv5
Published
2019-02-13 00:00
Modified
2024-09-17 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Memory corruption
Summary
A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106861 | vdb-entry, x_refsource_BID | |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | WECON LeviStudioU |
Version: LeviStudioU Versions 1.8.56 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WECON LeviStudioU",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory corruption CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-02-05T00:00:00",
"ID": "CVE-2019-6541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WECON LeviStudioU",
"version": {
"version_data": [
{
"version_value": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory corruption CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106861"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6541",
"datePublished": "2019-02-13T00:00:00Z",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-09-17T00:01:16.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}