PT-2018-9997 · Wecon · Wecon LeviStudio
Published: 2018-07-26 · Updated: 2020-08-28 · CVE-2018-10606
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
WECON LeviStudio versions 1.8.29 through 1.8.44
Description:
Multiple heap-based buffer overflow vulnerabilities can be exploited when the application processes specially crafted project files, which can lead to remote code execution. The affected components include TIFF parsing, PartInfo PartName, screenhelper ScrnName, screendata IndirectAddrR, PartInfo WriteAddr, Datalogtool file creation data, screendata Key ASCIIKey, General WordAddr, figure FigureFile, stringlib Content, screenhelper ScrnFile, addresslib Port, and addresslib Name.
Recommendations:
For WECON LeviStudio versions 1.8.29 through 1.8.44, consider disabling the processing of project files that may be specially crafted until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation. Avoid using the affected functions and parameters in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Corruption
Heap Based Buffer Overflow
Affected Products
Wecon LeviStudio