Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by WECON
CVE-2021-23138 (GCVE-0-2021-23138)
Vulnerability from cvelistv5 – Published: 2022-01-14 19:10 – Updated: 2025-04-16 18:02
VLAI
Title
WECON LeviStudioU
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | LeviStudioU |
Affected:
All , ≤ 2019-09-21
(custom)
|
Date Public
2021-12-21 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:38.898270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:02:02.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T09:06:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
],
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T19:09:00.000Z",
"ID": "CVE-2021-23138",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-133/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-139/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-134/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-136/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-138/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-141/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-137/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-131/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-135/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-142/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-129/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-140/"
}
]
},
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-23138",
"datePublished": "2022-01-14T19:10:41.500Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:02:02.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23157 (GCVE-0-2021-23157)
Vulnerability from cvelistv5 – Published: 2022-01-14 19:10 – Updated: 2025-04-16 18:02
VLAI
Title
WECON LeviStudioU
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | LeviStudioU |
Affected:
All , ≤ 2019-09-21
(custom)
|
Date Public
2021-12-21 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:41.848676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:02:12.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T09:06:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
],
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T19:09:00.000Z",
"ID": "CVE-2021-23157",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-130/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-132/"
}
]
},
"source": {
"advisory": "ICSA-21-355-03",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-23157",
"datePublished": "2022-01-14T19:10:40.173Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:02:12.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43983 (GCVE-0-2021-43983)
Vulnerability from cvelistv5 – Published: 2021-12-13 15:48 – Updated: 2024-09-17 01:26
VLAI
Title
WECON LeviStudioU
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.
Severity
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
15 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | LeviStudioU |
Affected:
All , ≤ 2019-09-21
(custom)
|
Date Public
2021-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LeviStudioU",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "2019-09-21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T14:07:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
],
"source": {
"advisory": "ICSA-21-343-02",
"discovery": "UNKNOWN"
},
"title": "WECON LeviStudioU",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-09T22:34:00.000Z",
"ID": "CVE-2021-43983",
"STATE": "PUBLIC",
"TITLE": "WECON LeviStudioU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudioU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "2019-09-21"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-046/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-040/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-043/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-036/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-037/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-039/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-044/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-042/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-035/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-034/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-047/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-041/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-038/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-045/"
}
]
},
"source": {
"advisory": "ICSA-21-343-02",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43983",
"datePublished": "2021-12-13T15:48:06.183Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:17.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42705 (GCVE-0-2021-42705)
Vulnerability from cvelistv5 – Published: 2021-11-22 19:06 – Updated: 2024-09-16 20:01
VLAI
Title
WECON PLC Editor
Summary
PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.
Severity
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | PLC Editor |
Affected:
All , ≤ 1.3.8
(custom)
|
Date Public
2021-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:49.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PLC Editor",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "1.3.8",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-22T19:06:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
],
"source": {
"advisory": "ICSA-21-315-01",
"discovery": "UNKNOWN"
},
"title": "WECON PLC Editor",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-11-11T22:37:00.000Z",
"ID": "CVE-2021-42705",
"STATE": "PUBLIC",
"TITLE": "WECON PLC Editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC Editor",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.3.8"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
]
},
"source": {
"advisory": "ICSA-21-315-01",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42705",
"datePublished": "2021-11-22T19:06:36.383Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:01:34.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42707 (GCVE-0-2021-42707)
Vulnerability from cvelistv5 – Published: 2021-11-22 19:04 – Updated: 2024-09-16 20:06
VLAI
Title
WECON PLC Editor
Summary
PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
Severity
7.8 (High)
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | PLC Editor |
Affected:
All , ≤ 1.3.8
(custom)
|
Date Public
2021-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:49.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PLC Editor",
"vendor": "WECON",
"versions": [
{
"lessThanOrEqual": "1.3.8",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-22T19:04:29.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
],
"source": {
"advisory": "ICSA-21-315-01",
"discovery": "UNKNOWN"
},
"title": "WECON PLC Editor",
"workarounds": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact WECON technical support for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-11-11T22:37:00.000Z",
"ID": "CVE-2021-42707",
"STATE": "PUBLIC",
"TITLE": "WECON PLC Editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC Editor",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.3.8"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
]
},
"source": {
"advisory": "ICSA-21-315-01",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact WECON technical support for additional information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42707",
"datePublished": "2021-11-22T19:04:29.693Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:06:24.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14814 (GCVE-0-2018-14814)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:50 – Updated: 2024-08-05 09:38
VLAI
Summary
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object.
Severity
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds read CWE-125
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | WECON Technology PI Studio HMI |
Affected:
PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior
|
Date Public
2018-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WECON Technology PI Studio HMI",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior"
}
]
}
],
"datePublic": "2018-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-27T19:50:08.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-14814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WECON Technology PI Studio HMI",
"version": {
"version_data": [
{
"version_value": "PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14814",
"datePublished": "2019-03-27T19:50:08.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:38:14.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14818 (GCVE-0-2018-14818)
Vulnerability from cvelistv5 – Published: 2018-10-08 13:00 – Updated: 2024-09-17 02:37
VLAI
Summary
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | PI Studio HMI |
Affected:
4.1.9 and prior
|
|
| WECON | PI Studio |
Affected:
4.2.34 and prior
|
Date Public
2018-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PI Studio HMI",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "4.1.9 and prior"
}
]
},
{
"product": "PI Studio",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "4.2.34 and prior"
}
]
}
],
"datePublic": "2018-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-08T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-04T00:00:00",
"ID": "CVE-2018-14818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PI Studio HMI",
"version": {
"version_data": [
{
"version_value": "4.1.9 and prior"
}
]
}
},
{
"product_name": "PI Studio",
"version": {
"version_data": [
{
"version_value": "4.2.34 and prior"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14818",
"datePublished": "2018-10-08T13:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:37:32.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17889 (GCVE-0-2018-17889)
Vulnerability from cvelistv5 – Published: 2018-10-08 13:00 – Updated: 2024-09-17 00:15
VLAI
Summary
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure.
Severity
No CVSS data available.
CWE
- CWE-611 - INFORMATION EXPOSURE THROUGH XML EXTERNAL ENTITY REFERENCE CWE-611
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | PI Studio HMI |
Affected:
4.1.9 and prior
|
|
| WECON | PI Studio |
Affected:
4.2.34 and prior
|
Date Public
2018-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PI Studio HMI",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "4.1.9 and prior"
}
]
},
{
"product": "PI Studio",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "4.2.34 and prior"
}
]
}
],
"datePublic": "2018-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "INFORMATION EXPOSURE THROUGH XML EXTERNAL ENTITY REFERENCE CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-08T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-04T00:00:00",
"ID": "CVE-2018-17889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PI Studio HMI",
"version": {
"version_data": [
{
"version_value": "4.1.9 and prior"
}
]
}
},
{
"product_name": "PI Studio",
"version": {
"version_data": [
{
"version_value": "4.2.34 and prior"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE THROUGH XML EXTERNAL ENTITY REFERENCE CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17889",
"datePublished": "2018-10-08T13:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:15:34.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14810 (GCVE-0-2018-14810)
Vulnerability from cvelistv5 – Published: 2018-10-08 13:00 – Updated: 2024-09-16 18:18
VLAI
Summary
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator.
Severity
No CVSS data available.
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | PI Studio HMI |
Affected:
4.1.9 and prior
|
|
| WECON | PI Studio |
Affected:
4.2.34 and prior
|
Date Public
2018-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PI Studio HMI",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "4.1.9 and prior"
}
]
},
{
"product": "PI Studio",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "4.2.34 and prior"
}
]
}
],
"datePublic": "2018-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-08T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-04T00:00:00",
"ID": "CVE-2018-14810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PI Studio HMI",
"version": {
"version_data": [
{
"version_value": "4.1.9 and prior"
}
]
}
},
{
"product_name": "PI Studio",
"version": {
"version_data": [
{
"version_value": "4.2.34 and prior"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14810",
"datePublished": "2018-10-08T13:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:18:08.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14792 (GCVE-0-2018-14792)
Vulnerability from cvelistv5 – Published: 2018-09-19 15:00 – Updated: 2024-09-16 20:27
VLAI
Summary
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WECON | PLC Editor |
Affected:
Version 1.3.3U
|
Date Public
2018-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PLC Editor",
"vendor": "WECON",
"versions": [
{
"status": "affected",
"version": "Version 1.3.3U"
}
]
}
],
"datePublic": "2018-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-19T14:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-18T00:00:00",
"ID": "CVE-2018-14792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC Editor",
"version": {
"version_data": [
{
"version_value": "Version 1.3.3U"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14792",
"datePublished": "2018-09-19T15:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:27:47.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4533 (GCVE-0-2016-4533)
Vulnerability from cvelistv5 – Published: 2016-07-12 01:00 – Updated: 2024-08-06 00:32
VLAI
Summary
Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/91522 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01 | x_refsource_MISC |
Date Public
2016-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4533",
"datePublished": "2016-07-12T01:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5781 (GCVE-0-2016-5781)
Vulnerability from cvelistv5 – Published: 2016-07-12 01:00 – Updated: 2024-08-06 01:15
VLAI
Summary
Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/91522 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01 | x_refsource_MISC |
Date Public
2016-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:08.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "91522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-5781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-5781",
"datePublished": "2016-07-12T01:00:00.000Z",
"dateReserved": "2016-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:15:08.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}