PT-2018-1635 · Wecon Technology · Pi Studio+1

Published

2018-10-02

Updated

2019-12-30

CVE-2018-14810

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior WECON Technology Co., Ltd. PI Studio versions 4.2.34 and prior

Description The issue is caused by a buffer overflow vulnerability, which allows an attacker to execute arbitrary code remotely. This is due to the parsing of files and passing of invalidated user data to an unsafe method call, potentially allowing code execution in the context of an administrator.

Recommendations For WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior, update to a version later than 4.1.9 to resolve the issue. For WECON Technology Co., Ltd. PI Studio versions 4.2.34 and prior, update to a version later than 4.2.34 to resolve the issue. As a temporary workaround, consider restricting access to the file parsing functionality to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2018-01194

CVE-2018-14810

ZDI-18-1107

ZDI-19-1032

ZDI-19-449

ZDI-19-450

Affected Products

Pi Studio

Pi Studio Hmi

PT-2018-1635 · Wecon Technology · Pi Studio+1

CVE-2018-14810

Weakness Enumeration

Related Identifiers

Affected Products

References · 8