PT-2019-18151 · Wecon · Wecon Levistudiou

Published: 2019-01-29 · Updated: 2020-10-05

CVE-2019-6539

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: WECON LeviStudioU versions 1.8.56 and prior

Description: Several heap-based buffer overflow issues have been identified, which may allow arbitrary code execution. These issues were reported by Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative. The vulnerabilities are related to remote code execution in various components of WECON LeviStudioU, including the addresslib PLC Driver, addresslib PLC Type, screendata Desc FigureFile, and screendata LaIndexID/TextContent.

Recommendations: For WECON LeviStudioU versions 1.8.56 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2019-6539
ZDI-19-146
ZDI-19-147
ZDI-19-149
ZDI-19-150

Affected Products

Wecon Levistudiou