PT-2019-15293 · Wecon · Wecon Plc Editor

Natnael Samson

Publicado

2019-12-12

Atualizado

2020-01-03

CVE-2019-18236

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WECON PLC Editor version 1.3.5 20190129

Description The issue arises from multiple buffer overflow vulnerabilities when the PLC Editor processes project files. An attacker could exploit this by using a specially crafted project file, potentially leading to the execution of code under the privileges of the application.

Recommendations For WECON PLC Editor version 1.3.5 20190129, as a temporary workaround, consider restricting the processing of project files from untrusted sources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-119

Identificadores relacionados

CVE-2019-18236

ZDI-19-1015

ZDI-19-1033

ZDI-19-1034

Produtos afetados

Wecon Plc Editor

PT-2019-15293 · Wecon · Wecon Plc Editor

CVE-2019-18236

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6