Natti

**Name of the Vulnerable Software and Affected Versions** WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior WECON Technology Co., Ltd. PI Studio versions 4.2.34 and prior **Description** The issue is caused by a stack-based buffer overflow in PI Studio, which may allow a remote attacker to execute arbitrary code. **Recommendations** For WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior, update to a version later than 4.1.9 to resolve the issue. For WECON Technology Co., Ltd. PI Studio versions 4.2.34 and prior, update to a version later than 4.2.34 to resolve the issue. As a temporary workaround, consider restricting access to the PI Studio to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WECON PLC Editor version 1.3.3U **Description** The issue may allow an attacker to execute code under the current process when the software processes project files. **Recommendations** For version 1.3.3U, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CNCSoft versions 1.00.83 and prior ScreenEditor versions 1.00.54 and prior **Description** The software has multiple stack-based buffer overflow issues due to inadequate user input validation before copying data from project files onto the stack. This could cause the software to crash and may allow an attacker to gain remote code execution with administrator privileges if exploited. **Recommendations** For CNCSoft versions 1.00.83 and prior, update to a version later than 1.00.83 to resolve the issue. For ScreenEditor versions 1.00.54 and prior, update to a version later than 1.00.54 to resolve the issue. As a temporary workaround, consider disabling the use of DPB files in the ScreenEditor until a patch is available. Restrict access to the ScreenEditor to minimize the risk of exploitation.