PT-2019-15293 · Wecon · Wecon Plc Editor

Natnael Samson

Published

2019-12-12

Updated

2020-01-03

CVE-2019-18236

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WECON PLC Editor version 1.3.5 20190129

Description The issue arises from multiple buffer overflow vulnerabilities when the PLC Editor processes project files. An attacker could exploit this by using a specially crafted project file, potentially leading to the execution of code under the privileges of the application.

Recommendations For WECON PLC Editor version 1.3.5 20190129, as a temporary workaround, consider restricting the processing of project files from untrusted sources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

CVE-2019-18236

ZDI-19-1015

ZDI-19-1033

ZDI-19-1034

Affected Products

Wecon Plc Editor

PT-2019-15293 · Wecon · Wecon Plc Editor

CVE-2019-18236

Weakness Enumeration

Related Identifiers

Affected Products

References · 6