cvelistv5 - cve-2018-7527

CVE-2018-7527 (GCVE-0-2018-7527)

Vulnerability from cvelistv5

Published

2018-04-26 20:00

Modified

2024-09-16 23:46

Severity ?

CWE

CWE-121 - Stack-Based Buffer Overflow

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/104016	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104016	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02	Third Party Advisory, US Government Resource

Impacted products

Vendor

Product

Version

▼

WECON Technology Co., Ltd.

LeviStudio HMI Editor

Version: Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior

WECON Technology Co., Ltd.

PI Studio HMI Project Programmer

Version: Build: November 11, 2017 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104016",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104016"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LeviStudio HMI Editor",
          "vendor": "WECON Technology Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior"
            }
          ]
        },
        {
          "product": "PI Studio HMI Project Programmer",
          "vendor": "WECON Technology Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Build: November 11, 2017 and prior"
            }
          ]
        }
      ],
      "datePublic": "2018-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-Based Buffer Overflow CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-30T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "104016",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104016"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-04-26T00:00:00",
          "ID": "CVE-2018-7527",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LeviStudio HMI Editor",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PI Studio HMI Project Programmer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build: November 11, 2017 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "WECON Technology Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stack-Based Buffer Overflow CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104016",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104016"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-7527",
    "datePublished": "2018-04-26T20:00:00Z",
    "dateReserved": "2018-02-26T00:00:00",
    "dateUpdated": "2024-09-16T23:46:12.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7527\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2018-04-26T20:29:00.523\",\"lastModified\":\"2024-11-21T04:12:18.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.\"},{\"lang\":\"es\",\"value\":\"Se puede desencadenar un desbordamiento de b\u00fafer en LeviStudio HMI Editor 1.10, parte de Wecon LeviStudioU 1.8.29 y en PI Studio HMI Project Programmer, Build: Noviembre 11, 2017 y anteriores abriendo un archivo especialmente manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:we-con:levistudio_hmi_editor:1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9849CD-9BCE-4734-AC49-08151193D35E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.29\",\"matchCriteriaId\":\"84F1F7EC-637F-4AF1-BA98-49309BA21954\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:we-con:pi_studio_hmi_project_programmer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2017-11-11\",\"matchCriteriaId\":\"8DAAD23E-278C-48F7-B67C-DB73196D6229\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104016\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/104016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

gsd-2018-7527

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-7527

Aliases

CVE-2018-7527

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7527",
    "description": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.",
    "id": "GSD-2018-7527"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7527"
      ],
      "details": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.",
      "id": "GSD-2018-7527",
      "modified": "2023-12-13T01:22:33.099534Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-04-26T00:00:00",
        "ID": "CVE-2018-7527",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LeviStudio HMI Editor",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PI Studio HMI Project Programmer",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Build: November 11, 2017 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "WECON Technology Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Stack-Based Buffer Overflow CWE-121"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104016",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104016"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:we-con:levistudio_hmi_editor:1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.29",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:we-con:pi_studio_hmi_project_programmer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2017-11-11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-7527"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
            },
            {
              "name": "104016",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104016"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2019-10-09T23:42Z",
      "publishedDate": "2018-04-26T20:29Z"
    }
  }
}

cnvd-2018-08900

Vulnerability from cnvd

Title: 多款WECON产品缓冲区溢出漏洞

Description:

WECON LeviStudio HMI Editor和PI Studio HMI Project Programmer都是中国维控科技（WECON Technologies）公司的人机界面编程软件。

WECON LeviStudio HMI Editor和PI Studio HMI Project Programmer 2017年11月11日之前版本中存在缓冲区溢出漏洞。远程攻击者可借助特制的文件执行代码。

Severity: 中

Patch Name: 多款WECON产品缓冲区溢出漏洞的补丁

Patch Description:

WECON LeviStudio HMI Editor和PI Studio HMI Project Programmer都是中国维控科技（WECON Technologies）公司的人机界面编程软件。

WECON LeviStudio HMI Editor和PI Studio HMI Project Programmer 2017年11月11日之前版本中存在缓冲区溢出漏洞。远程攻击者可借助特制的文件执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.we-con.com.cn/

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02 http://www.securityfocus.com/bid/104016

Impacted products

Name
['WECON LeviStudio HMI Editor <=1.8.29', 'WECON PI Studio HMI Project Programmer <=2017年11月11日']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104016"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7527"
    }
  },
  "description": "WECON LeviStudio HMI Editor\u548cPI Studio HMI Project Programmer\u90fd\u662f\u4e2d\u56fd\u7ef4\u63a7\u79d1\u6280\uff08WECON Technologies\uff09\u516c\u53f8\u7684\u4eba\u673a\u754c\u9762\u7f16\u7a0b\u8f6f\u4ef6\u3002\r\n\r\nWECON LeviStudio HMI Editor\u548cPI Studio HMI Project Programmer 2017\u5e7411\u670811\u65e5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Sergey Zelenyuk of RVRT and Michael DePlante of Leahy Center for Digital Investigation at Champlain College",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.we-con.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-08900",
  "openTime": "2018-05-04",
  "patchDescription": "WECON LeviStudio HMI Editor\u548cPI Studio HMI Project Programmer\u90fd\u662f\u4e2d\u56fd\u7ef4\u63a7\u79d1\u6280\uff08WECON Technologies\uff09\u516c\u53f8\u7684\u4eba\u673a\u754c\u9762\u7f16\u7a0b\u8f6f\u4ef6\u3002\r\n\r\nWECON LeviStudio HMI Editor\u548cPI Studio HMI Project Programmer 2017\u5e7411\u670811\u65e5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eWECON\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "WECON LeviStudio HMI Editor \u003c=1.8.29",
      "WECON PI Studio HMI Project Programmer \u003c=2017\u5e7411\u670811\u65e5"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02\r\nhttp://www.securityfocus.com/bid/104016",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-28",
  "title": "\u591a\u6b3eWECON\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

fkie_cve-2018-7527

Vulnerability from fkie_nvd

Published

2018-04-26 20:29

Modified

2024-11-21 04:12

Severity ?

5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/104016	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104016	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
we-con	levistudio_hmi_editor	1.10
we-con	levistudiou	*
we-con	pi_studio_hmi_project_programmer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:we-con:levistudio_hmi_editor:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9849CD-9BCE-4734-AC49-08151193D35E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F1F7EC-637F-4AF1-BA98-49309BA21954",
              "versionEndIncluding": "1.8.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:we-con:pi_studio_hmi_project_programmer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DAAD23E-278C-48F7-B67C-DB73196D6229",
              "versionEndIncluding": "2017-11-11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file."
    },
    {
      "lang": "es",
      "value": "Se puede desencadenar un desbordamiento de b\u00fafer en LeviStudio HMI Editor 1.10, parte de Wecon LeviStudioU 1.8.29 y en PI Studio HMI Project Programmer, Build: Noviembre 11, 2017 y anteriores abriendo un archivo especialmente manipulado."
    }
  ],
  "id": "CVE-2018-7527",
  "lastModified": "2024-11-21T04:12:18.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-26T20:29:00.523",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104016"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-4r6c-hgqq-rr35

Vulnerability from github

Published

2022-05-13 01:31

Modified

2022-05-13 01:31

Severity ?

5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-26T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.",
  "id": "GHSA-4r6c-hgqq-rr35",
  "modified": "2022-05-13T01:31:51Z",
  "published": "2022-05-13T01:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7527"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

icsa-18-116-02

Vulnerability from csaf_cisa

Published

2018-04-26 00:00

Modified

2018-04-26 00:00

Summary

WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow remote code execution.

Critical infrastructure sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

China

Recommended Practices

NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.

Exploitability

No known public exploits specifically target these vulnerabilities. These vulnerabilities is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Sergey Zelenyuk"
        ],
        "organization": "RVRT",
        "summary": "reporting these vulnerabilities to NCCIC"
      },
      {
        "names": [
          "Michael DePlante"
        ],
        "organization": "Leahy Center for Digital Investigation at Champlain College",
        "summary": "reporting these vulnerabilities to NCCIC"
      },
      {
        "organization": "Trend Micro \u0027s Zero Day Initiative",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow remote code execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "China",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities is not exploitable remotely.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-116-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-116-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-116-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-116-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-116-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer",
    "tracking": {
      "current_release_date": "2018-04-26T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-116-02",
      "initial_release_date": "2018-04-26T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-04-26T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-116-02 WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.8.29",
                "product": {
                  "name": "WECON LeviStudioU: Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "WECON LeviStudioU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=November 11, 2017",
                "product": {
                  "name": "PI Studio HMI Project Programmer Build: November 11 2017 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "PI Studio HMI Project Programmer Build"
          }
        ],
        "category": "vendor",
        "name": "WECON"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-7527",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow can be triggered by opening a specially crafted file.CVE-2018-7527 has been assigned to these vulnerabilities. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7527"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "WECON recommends that users update to the latest version which can be found at the following location (download):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://wecon-disk.oss-ap-southeast-1.aliyuncs.com/LeviStudioU20180420%20TEST.exe"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

ICSA-18-116-02

Vulnerability from csaf_cisa

Published

2018-04-26 00:00

Modified

2018-04-26 00:00

Summary

WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of these vulnerabilities could allow remote code execution.

Critical infrastructure sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

China

Recommended Practices

NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

Exploitability

No known public exploits specifically target these vulnerabilities. These vulnerabilities is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Sergey Zelenyuk"
        ],
        "organization": "RVRT",
        "summary": "reporting these vulnerabilities to NCCIC"
      },
      {
        "names": [
          "Michael DePlante"
        ],
        "organization": "Leahy Center for Digital Investigation at Champlain College",
        "summary": "reporting these vulnerabilities to NCCIC"
      },
      {
        "organization": "Trend Micro \u0027s Zero Day Initiative",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow remote code execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "China",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities is not exploitable remotely.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-116-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-116-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-116-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-116-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-116-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer",
    "tracking": {
      "current_release_date": "2018-04-26T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-116-02",
      "initial_release_date": "2018-04-26T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-04-26T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-116-02 WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.8.29",
                "product": {
                  "name": "WECON LeviStudioU: Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "WECON LeviStudioU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=November 11, 2017",
                "product": {
                  "name": "PI Studio HMI Project Programmer Build: November 11 2017 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "PI Studio HMI Project Programmer Build"
          }
        ],
        "category": "vendor",
        "name": "WECON"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-7527",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow can be triggered by opening a specially crafted file.CVE-2018-7527 has been assigned to these vulnerabilities. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7527"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "WECON recommends that users update to the latest version which can be found at the following location (download):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://wecon-disk.oss-ap-southeast-1.aliyuncs.com/LeviStudioU20180420%20TEST.exe"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

var-201804-1655

Vulnerability from variot

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within DataLogTool.exe. When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon Products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "levistudio hmi editor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "we con",
        "version": "1.10"
      },
      {
        "_id": null,
        "model": "levistudio",
        "scope": null,
        "trust": 1.4,
        "vendor": "wecon",
        "version": null
      },
      {
        "_id": null,
        "model": "levistudiou",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "wecon",
        "version": "1.8.29"
      },
      {
        "_id": null,
        "model": "levistudiou",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "we con",
        "version": "1.8.29"
      },
      {
        "_id": null,
        "model": "pi studio hmi project programmer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "we con",
        "version": "2017-11-11"
      },
      {
        "_id": null,
        "model": "levi studio hmi editor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "wecon",
        "version": "1.10"
      },
      {
        "_id": null,
        "model": "pi studio hmi project programmer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "wecon",
        "version": "build: november 11"
      },
      {
        "_id": null,
        "model": "pi studio hmi project programmer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "wecon",
        "version": "2017"
      },
      {
        "_id": null,
        "model": "levistudiou",
        "scope": null,
        "trust": 0.7,
        "vendor": "wecon",
        "version": null
      },
      {
        "_id": null,
        "model": "pi studio hmi project programmer",
        "scope": null,
        "trust": 0.7,
        "vendor": "wecon",
        "version": null
      },
      {
        "_id": null,
        "model": "levistudio hmi editor",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "wecon",
        "version": "\u003c=1.8.29"
      },
      {
        "_id": null,
        "model": "pi studio hmi project programmer \u003c=november",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "wecon",
        "version": "112017"
      },
      {
        "_id": null,
        "model": "pi studio hmi project programmer",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "we con",
        "version": "2017-11-11"
      },
      {
        "_id": null,
        "model": "levistudiou",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "we con",
        "version": "1.8.29"
      },
      {
        "_id": null,
        "model": "pi studio hmi project programmer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wecon",
        "version": "0"
      },
      {
        "_id": null,
        "model": "levistudio hmi editor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wecon",
        "version": "1.10"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "levistudio hmi editor",
        "version": "1.10"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "levistudiou",
        "version": "*"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pi studio hmi programmer",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-406"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      },
      {
        "db": "BID",
        "id": "104016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7527"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:wecon:levi_studio_hmi_editor",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:wecon:levistudiou",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:wecon:pi_studio_hmi_project_programmer",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Sergey Zelenyuk of RVRT",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-406"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408"
      }
    ],
    "trust": 2.1
  },
  "cve": "CVE-2018-7527",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7527",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 2.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-7527",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-08900",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-7527",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2018-7527",
            "trust": 2.8,
            "value": "MEDIUM"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7527",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7527",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-08900",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-1462",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-406"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7527"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within DataLogTool.exe.  When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon Products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-406"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      },
      {
        "db": "BID",
        "id": "104016"
      },
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
      }
    ],
    "trust": 5.13
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7527",
        "trust": 6.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-116-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "104016",
        "trust": 2.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5480",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-406",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5481",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5482",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5506",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E2EDD8E1-39AB-11E9-B1AA-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-406"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      },
      {
        "db": "BID",
        "id": "104016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7527"
      }
    ]
  },
  "id": "VAR-201804-1655",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      }
    ],
    "trust": 1.3885025
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:30:27.366000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Wecon has issued an update to correct this vulnerability.",
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.we-con.com.cn/en/index.aspx"
      },
      {
        "title": "Patches for multiple WECON product buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/128121"
      },
      {
        "title": "Multiple WECON Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79723"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-406"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7527"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 6.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-116-02"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/104016"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7527"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7527"
      },
      {
        "trust": 0.3,
        "url": "http://www.we-con.com.cn/en/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-406"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900"
      },
      {
        "db": "BID",
        "id": "104016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7527"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-406",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-407",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-408",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-409",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-08900",
        "ident": null
      },
      {
        "db": "BID",
        "id": "104016",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7527",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-05-04T00:00:00",
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-406",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-407",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-408",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-409",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-08900",
        "ident": null
      },
      {
        "date": "2018-04-26T00:00:00",
        "db": "BID",
        "id": "104016",
        "ident": null
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005009",
        "ident": null
      },
      {
        "date": "2018-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-1462",
        "ident": null
      },
      {
        "date": "2018-04-26T20:29:00.523000",
        "db": "NVD",
        "id": "CVE-2018-7527",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-406",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-407",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-408",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-409",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-08900",
        "ident": null
      },
      {
        "date": "2018-04-26T00:00:00",
        "db": "BID",
        "id": "104016",
        "ident": null
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005009",
        "ident": null
      },
      {
        "date": "2020-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-1462",
        "ident": null
      },
      {
        "date": "2024-11-21T04:12:18.080000",
        "db": "NVD",
        "id": "CVE-2018-7527",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Wecon LeviStudioU of  LeviStudio HMI Editor and  PI Studio HMI Project Programmer Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005009"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2edd8e1-39ab-11e9-b1aa-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-1462"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-7527 (GCVE-0-2018-7527)

Vulnerability from cvelistv5

gsd-2018-7527

Vulnerability from gsd

cnvd-2018-08900

Vulnerability from cnvd

fkie_cve-2018-7527

Vulnerability from fkie_nvd

ghsa-4r6c-hgqq-rr35

Vulnerability from github

icsa-18-116-02

Vulnerability from csaf_cisa

ICSA-18-116-02

Vulnerability from csaf_cisa

var-201804-1655

Vulnerability from variot

Tags

Sightings

Nomenclature