Sergey Zelenyuk

**Name of the Vulnerable Software and Affected Versions** Wecon LeviStudioU version 1.8.29 Wecon PI Studio HMI Project Programmer, Build: November 11, 2017 and prior LeviStudio HMI Editor, Version 1.10 **Description** A buffer overflow can be triggered by opening a specially crafted file, potentially leading to remote code execution. The issue affects multiple components of Wecon LeviStudioU, including the DataLogTool, where vulnerabilities in the History Curve Set, INI Parser, and Edit functions can be exploited. **Recommendations** For Wecon LeviStudioU version 1.8.29, update to a version that includes a fix for the buffer overflow issue. For Wecon PI Studio HMI Project Programmer, Build: November 11, 2017 and prior, update to a build that includes a fix for the buffer overflow issue. For LeviStudio HMI Editor, Version 1.10, update to a version that includes a fix for the buffer overflow issue. As a temporary workaround, consider avoiding the use of specially crafted files that could trigger the buffer overflow until a patch is available.