CVE-2016-4519

Name of the Vulnerable Software and Affected Versions Unitronics VisiLogic OPLC IDE versions prior to 9.8.30

Description The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by crafting a filename field in a ZIP archive within a vlp file. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 9.8.30, update to version 9.8.30 or later to resolve the issue. As a temporary workaround, consider restricting the handling of vlp files and ZIP archives to minimize the risk of exploitation. Avoid using crafted filename fields in ZIP archives within vlp files until the issue is resolved.