Vulnerabilities related to we-con - levistudiou
Vulnerability from fkie_nvd
Published
2019-02-13 00:29
Modified
2024-11-21 04:46
Severity ?
Summary
Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson, working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/106861 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106861 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "42A79D71-9BF0-4D3E-B8FC-B92DF51590F3", versionEndIncluding: "1.8.56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, { lang: "es", value: "Podrían explotarse múltiples vulnerabilidades de desbordamiento de búfer basado en pila en WECON LeviStudioU, en versiones 1.8.56 y anteriores, al analizar cadenas en archivos de proyecto. El proceso no valida correctamente la longitud de los datos proporcionados por el usuario antes de copiarlos en un búfer basado en pila con un tamaño determinado. Un atacante podría aprovecharse de estas vulnerabilidades para ejecutar código en el contexto del actual proceso. 
Mat Powell, Ziad Badawi y Natnael Samson, que trabajan en la \"Zero Day Initiative\" de Trend Micro, reportaron estas vulnerabilidades al NCCIC.", }, ], id: "CVE-2019-6537", lastModified: "2024-11-21T04:46:39.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-13T00:29:00.657", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106861", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106861", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { 
lang: "en", value: "CWE-121", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 05:17
Severity ?
Summary
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.
References
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "785416DE-0B73-41CD-AC5D-32EAC49045AF", versionEndIncluding: "2019-09-21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo XXE dentro de LeviStudioU Release Build versiones 21-09-2019 y anteriores, cuando se procesan parámetros entities, lo que puede permitir una divulgación de archivos", }, ], id: "CVE-2020-25186", lastModified: "2024-11-21T05:17:35.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-22T21:15:13.747", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-26 18:29
Modified
2024-11-21 03:41
Severity ?
Summary
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
References
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/104935 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104935 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | 1.8.29 | |
we-con | levistudiou | 1.8.44 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.29:*:*:*:*:*:*:*", matchCriteriaId: "DFDC2D4D-F9DE-4D99-8C14-72918FDC88CD", vulnerable: true, }, { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.44:*:*:*:*:*:*:*", matchCriteriaId: "01CF1E2F-8382-4270-9B1C-4C0DFBE2E7E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.", }, { lang: "es", value: "WECON LeviStudio en versiones 1.8.29 y 1.8.44 tiene múltiples vulnerabilidades de desbordamiento de búfer basado en pila que pueden explotarse cuando la aplicación procesa archivos de proyecto especialmente manipulados.", }, ], id: "CVE-2018-10602", lastModified: "2024-11-21T03:41:38.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-26T18:29:00.323", references: [ { source: 
"ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104935", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-14 20:15
Modified
2024-11-21 05:51
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
References
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03 | Third Party Advisory, US Government Resource | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-22-130/ | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-22-132/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-130/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-132/ | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "785416DE-0B73-41CD-AC5D-32EAC49045AF", versionEndIncluding: "2019-09-21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.", }, { lang: "es", value: "WECON LeviStudioU Versiones 21-09-2019 y anteriores, son vulnerables a un desbordamiento de búfer en la región heap de la memoria, que puede permitir a un atacante ejecutar código de forma remota", }, ], id: "CVE-2021-23157", lastModified: "2024-11-21T05:51:17.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", 
userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-14T20:15:10.033", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-130/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-132/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-130/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-132/", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-09 21:29
Modified
2024-11-21 03:41
Severity ?
Summary
An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.
References
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | 1.8.29 | |
we-con | levistudiou | 1.8.44 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.29:*:*:*:*:*:*:*", matchCriteriaId: "DFDC2D4D-F9DE-4D99-8C14-72918FDC88CD", vulnerable: true, }, { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.44:*:*:*:*:*:*:*", matchCriteriaId: "01CF1E2F-8382-4270-9B1C-4C0DFBE2E7E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.", }, { lang: "es", value: "Una vulnerabilidad XEE (XML External Entity) en LeviStudioU en versiones 1.8.29 y 1.8.44 puede explotarse cuando la aplicación procesa archivos XML especialmente manipulados.", }, ], id: "CVE-2018-10614", lastModified: "2024-11-21T03:41:40.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-09T21:29:00.437", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: 
"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-09 21:29
Modified
2024-11-21 03:41
Severity ?
Summary
An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files.
References
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | 1.8.29 | |
we-con | levistudiou | 1.8.44 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.29:*:*:*:*:*:*:*", matchCriteriaId: "DFDC2D4D-F9DE-4D99-8C14-72918FDC88CD", vulnerable: true, }, { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.44:*:*:*:*:*:*:*", matchCriteriaId: "01CF1E2F-8382-4270-9B1C-4C0DFBE2E7E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files.", }, { lang: "es", value: "Una vulnerabilidad fuera de límites en LeviStudioU en versiones 1.8.29 y 1.8.44 puede explotarse cuando la aplicación procesa archivos de proyecto especialmente manipulados.", }, ], id: "CVE-2018-10610", lastModified: "2024-11-21T03:41:39.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-09T21:29:00.327", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], 
url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-13 16:15
Modified
2024-11-21 06:30
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "785416DE-0B73-41CD-AC5D-32EAC49045AF", versionEndIncluding: "2019-09-21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.", }, { lang: "es", value: "WECON LeviStudioU Versiones 21-09-2019 y anteriores, son vulnerables a múltiples instancias de desbordamiento de búfer en la región stack de la memoria mientras son analizados los archivos del proyecto, lo que puede permitir a un atacante ejecutar código arbitrario", }, ], id: "CVE-2021-43983", lastModified: "2024-11-21T06:30:08.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", 
confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-13T16:15:10.107", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-034/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-035/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-036/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-037/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-038/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-039/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-040/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-041/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-042/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"https://www.zerodayinitiative.com/advisories/ZDI-22-043/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-044/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-045/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-046/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-047/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-034/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-035/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-036/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-037/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-038/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-039/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-040/", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-041/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-042/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-043/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-044/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-045/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-046/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-047/", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-13 00:29
Modified
2024-11-21 04:46
Severity ?
Summary
Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson, working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/106861 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106861 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
we-con | levistudiou | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "42A79D71-9BF0-4D3E-B8FC-B92DF51590F3", versionEndIncluding: "1.8.56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, { lang: "es", value: "Se han identificado varias vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en WECON LeviStudioU, en versiones 1.8.56 y anteriores, que podrían permitir la ejecución de código arbitrario. Mat Powell, Ziad Badawi y Natnael Samson, que trabajan en la \"Zero Day Initiative\" de Trend Micro, reportaron estas vulnerabilidades al NCCIC.", }, ], id: "CVE-2019-6539", lastModified: "2024-11-21T04:46:39.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, 
impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-13T00:29:00.703", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106861", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106861", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-26 18:29
Modified
2024-11-21 03:41
Severity ?
Summary
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
References
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/104935 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104935 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | Third Party Advisory, US Government Resource
Impacted products
Vendor | Product | Version
---|---|---
we-con | levistudiou | 1.8.29
we-con | levistudiou | 1.8.44
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.29:*:*:*:*:*:*:*", matchCriteriaId: "DFDC2D4D-F9DE-4D99-8C14-72918FDC88CD", vulnerable: true, }, { criteria: "cpe:2.3:a:we-con:levistudiou:1.8.44:*:*:*:*:*:*:*", matchCriteriaId: "01CF1E2F-8382-4270-9B1C-4C0DFBE2E7E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.", }, { lang: "es", value: "WECON LeviStudio en versiones 1.8.29 y 1.8.44 tiene múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) que pueden explotarse cuando la aplicación procesa archivos de proyecto especialmente manipulados.", }, ], id: "CVE-2018-10606", lastModified: "2024-11-21T03:41:39.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-26T18:29:00.433", references: [ 
{ source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104935", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-23 17:15
Modified
2024-11-21 05:07
Severity ?
Summary
Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
References
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | Third Party Advisory, US Government Resource
Impacted products
Vendor | Product | Version
---|---|---
we-con | levistudiou | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "785416DE-0B73-41CD-AC5D-32EAC49045AF", versionEndIncluding: "2019-09-21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de desbordamiento de búfer cuando LeviStudioU (versión del 21-09-2019 y anteriores) procesa archivos de proyecto. Abrir un archivo de proyecto especialmente diseñado podría permitir a un atacante explotar y ejecutar código bajo los privilegios de la aplicación", }, ], id: "CVE-2020-16243", lastModified: "2024-11-21T05:07:00.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-23T17:15:13.177", 
references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-13 00:29
Modified
2024-11-21 04:46
Severity ?
Summary
A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/106861 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | Mitigation, Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106861 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | Mitigation, Patch, Third Party Advisory, US Government Resource
Impacted products
Vendor | Product | Version
---|---|---
we-con | levistudiou | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "42A79D71-9BF0-4D3E-B8FC-B92DF51590F3", versionEndIncluding: "1.8.56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad de corrupción de memoria en WECON LeviStudioU, en versiones 1.8.56 y anteriores, lo que podría permitir la ejecución de código arbitrario. Mat Powell, Ziad Badawi y Natnael Samson, que trabajan en la \"Zero Day Initiative\" de Trend Micro, reportaron estas vulnerabilidades al NCCIC.", }, ], id: "CVE-2019-6541", lastModified: "2024-11-21T04:46:39.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, 
published: "2019-02-13T00:29:00.733", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106861", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106861", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-26 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
References
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/104016 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104016 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02 | Third Party Advisory, US Government Resource
Impacted products
Vendor | Product | Version
---|---|---
we-con | levistudio_hmi_editor | 1.10
we-con | levistudiou | *
we-con | pi_studio_hmi_project_programmer | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudio_hmi_editor:1.10:*:*:*:*:*:*:*", matchCriteriaId: "BB9849CD-9BCE-4734-AC49-08151193D35E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "84F1F7EC-637F-4AF1-BA98-49309BA21954", versionEndIncluding: "1.8.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:pi_studio_hmi_project_programmer:*:*:*:*:*:*:*:*", matchCriteriaId: "8DAAD23E-278C-48F7-B67C-DB73196D6229", versionEndIncluding: "2017-11-11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.", }, { lang: "es", value: "Se puede desencadenar un desbordamiento de búfer en LeviStudio HMI Editor 1.10, parte de Wecon LeviStudioU 1.8.29 y en PI Studio HMI Project Programmer, Build: Noviembre 11, 2017 y anteriores abriendo un archivo especialmente manipulado.", }, ], id: "CVE-2018-7527", lastModified: "2024-11-21T04:12:18.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", 
baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-26T20:29:00.523", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104016", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-09 17:15
Modified
2024-11-21 05:17
Severity ?
Summary
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
References
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | Third Party Advisory, US Government Resource
Impacted products
Vendor | Product | Version
---|---|---
we-con | levistudiou | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "785416DE-0B73-41CD-AC5D-32EAC49045AF", versionEndIncluding: "2019-09-21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.", }, { lang: "es", value: "Se presenta una vulnerabilidad de desbordamiento del búfer en la región heap de la memoria dentro de WECON LeviStudioU Release Build en el 21-09-2019 y antes, cuando se procesan archivos de proyecto. Abrir un archivo de proyecto especialmente diseñado podría permitir a un atacante explotar y ejecutar código bajo los privilegios de la aplicación", }, ], id: "CVE-2020-25199", lastModified: "2024-11-21T05:17:37.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: 
"nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-09T17:15:30.120", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-14 20:15
Modified
2024-11-21 05:51
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
References
Impacted products
Vendor | Product | Version
---|---|---
we-con | levistudiou | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", matchCriteriaId: "785416DE-0B73-41CD-AC5D-32EAC49045AF", versionEndIncluding: "2019-09-21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.", }, { lang: "es", value: "WECON LeviStudioU Versiones 21-09-2019 y anteriores, son vulnerables a un desbordamiento de búfer en la región stack de la memoria, lo que puede permitir a un atacante ejecutar código de forma remota", }, ], id: "CVE-2021-23138", lastModified: "2024-11-21T05:51:16.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", 
userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-14T20:15:09.970", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-129/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-131/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-133/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-134/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-135/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-136/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-137/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-138/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-139/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-140/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"https://www.zerodayinitiative.com/advisories/ZDI-22-141/", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-142/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-129/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-131/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-133/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-134/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-135/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-136/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-137/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-138/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-139/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"https://www.zerodayinitiative.com/advisories/ZDI-22-140/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-141/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-142/", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2018-10602
Vulnerability from cvelistv5
Published
2018-09-26 18:00
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
References
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | x_refsource_MISC
http://www.securityfocus.com/bid/104935 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
WECON Technology Co., Ltd. | LeviStudioU | Versions 1.8.29 and 1.8.44
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:39:08.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { name: "104935", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104935", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudioU", vendor: "WECON Technology Co., Ltd.", versions: [ { status: "affected", version: "Versions 1.8.29 and 1.8.44", }, ], }, ], datePublic: "2018-07-31T00:00:00", descriptions: [ { lang: "en", value: "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "STACK-BASED BUFFER OVERFLOW CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-27T09:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { name: "104935", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104935", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2018-07-31T00:00:00", ID: "CVE-2018-10602", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_value: "Versions 1.8.29 and 1.8.44", }, ], }, }, ], }, vendor_name: "WECON Technology Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow 
vulnerabilities that can be exploited when the application processes specially crafted project files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "STACK-BASED BUFFER OVERFLOW CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { name: "104935", refsource: "BID", url: "http://www.securityfocus.com/bid/104935", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2018-10602", datePublished: "2018-09-26T18:00:00Z", dateReserved: "2018-05-01T00:00:00", dateUpdated: "2024-09-16T19:19:09.394Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6537
Vulnerability from cvelistv5
Published
2019-02-13 00:00
Modified
2024-09-16 23:46
Summary
Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/106861 | vdb-entry, x_refsource_BID |
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
ICS-CERT | WECON LeviStudioU | LeviStudioU Versions 1.8.56 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:23:21.496Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106861", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106861", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WECON LeviStudioU", vendor: "ICS-CERT", versions: [ { status: "affected", version: "LeviStudioU Versions 1.8.56 and prior", }, ], }, ], datePublic: "2019-02-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. 
Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "Stack-based buffer overflow CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-13T10:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { name: "106861", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106861", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2019-02-05T00:00:00", ID: "CVE-2019-6537", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WECON LeviStudioU", version: { version_data: [ { version_value: "LeviStudioU Versions 1.8.56 and prior", }, ], }, }, ], }, vendor_name: "ICS-CERT", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. 
Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stack-based buffer overflow CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "106861", refsource: "BID", url: "http://www.securityfocus.com/bid/106861", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2019-6537", datePublished: "2019-02-13T00:00:00Z", dateReserved: "2019-01-22T00:00:00", dateUpdated: "2024-09-16T23:46:28.780Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10610
Vulnerability from cvelistv5
Published
2018-10-09 21:00
Modified
2024-09-16 21:04
Summary
An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files.
References
URL | Tags |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
WECON Technology Co., Ltd | LeviStudioU | Versions 1.8.29 and 1.8.44 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:46:46.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudioU", vendor: "WECON Technology Co., Ltd", versions: [ { status: "affected", version: "Versions 1.8.29 and 1.8.44", }, ], }, ], datePublic: "2018-07-31T00:00:00", descriptions: [ { lang: "en", value: "An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "OUT-OF-BOUNDS WRITE CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T20:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2018-07-31T00:00:00", ID: "CVE-2018-10610", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_value: "Versions 1.8.29 and 1.8.44", }, ], }, }, ], }, vendor_name: "WECON Technology Co., Ltd", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "OUT-OF-BOUNDS WRITE CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", 
refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2018-10610", datePublished: "2018-10-09T21:00:00Z", dateReserved: "2018-05-01T00:00:00", dateUpdated: "2024-09-16T21:04:28.173Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-7527
Vulnerability from cvelistv5
Published
2018-04-26 20:00
Modified
2024-09-16 23:46
Summary
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/104016 | vdb-entry, x_refsource_BID |
https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
WECON Technology Co., Ltd. | LeviStudio HMI Editor | Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:31:04.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104016", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104016", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudio HMI Editor", vendor: "WECON Technology Co., Ltd.", versions: [ { status: "affected", version: "Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior", }, ], }, { product: "PI Studio HMI Project Programmer", vendor: "WECON Technology Co., Ltd.", versions: [ { status: "affected", version: "Build: November 11, 2017 and prior", }, ], }, ], datePublic: "2018-04-26T00:00:00", descriptions: [ { lang: "en", value: "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "Stack-Based Buffer Overflow CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-30T09:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { name: "104016", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104016", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2018-04-26T00:00:00", ID: "CVE-2018-7527", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudio HMI Editor", version: { version_data: [ { version_value: "Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior", }, ], }, 
}, { product_name: "PI Studio HMI Project Programmer", version: { version_data: [ { version_value: "Build: November 11, 2017 and prior", }, ], }, }, ], }, vendor_name: "WECON Technology Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stack-Based Buffer Overflow CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "104016", refsource: "BID", url: "http://www.securityfocus.com/bid/104016", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2018-7527", datePublished: "2018-04-26T20:00:00Z", dateReserved: "2018-02-26T00:00:00", dateUpdated: "2024-09-16T23:46:12.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43983
Vulnerability from cvelistv5
Published
2021-12-13 15:48
Modified
2024-09-17 01:26
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.
References
Impacted products
Vendor | Product | Version |
---|---|---|
WECON | LeviStudioU | All < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-046/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-040/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-043/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-036/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-037/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-039/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-044/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-042/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-035/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-034/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-047/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-041/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-038/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-045/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ 
{ product: "LeviStudioU", vendor: "WECON", versions: [ { lessThanOrEqual: "2019-09-21", status: "affected", version: "All", versionType: "custom", }, ], }, ], datePublic: "2021-12-09T00:00:00", descriptions: [ { lang: "en", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-13T14:07:02", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-046/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-040/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-043/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-036/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-037/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-039/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-044/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-042/", }, { tags: 
[ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-035/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-034/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-047/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-041/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-038/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-045/", }, ], source: { advisory: "ICSA-21-343-02", discovery: "UNKNOWN", }, title: "WECON LeviStudioU", workarounds: [ { lang: "en", value: "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2021-12-09T22:34:00.000Z", ID: "CVE-2021-43983", STATE: "PUBLIC", TITLE: "WECON LeviStudioU", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_affected: "<=", version_name: "All", version_value: "2019-09-21", }, ], }, }, ], }, vendor_name: "WECON", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, 
baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121 Stack-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02", refsource: "MISC", url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-343-02", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-046/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-046/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-040/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-040/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-043/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-043/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-036/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-036/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-037/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-037/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-039/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-039/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-044/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-044/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-042/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-042/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-035/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-035/", }, { name: 
"https://www.zerodayinitiative.com/advisories/ZDI-22-034/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-034/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-047/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-047/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-041/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-041/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-038/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-038/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-045/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-045/", }, ], }, source: { advisory: "ICSA-21-343-02", discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "WECON has not responded to requests to work with CISA to mitigate this vulnerability. Users of this affected product are invited to contact WECON technical support for additional information. CISA also recommends users take the following measures to protect themselves from social engineering attacks:", }, ], }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2021-43983", datePublished: "2021-12-13T15:48:06.183569Z", dateReserved: "2021-11-17T00:00:00", dateUpdated: "2024-09-17T01:26:17.068Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-16243
Vulnerability from cvelistv5
Published
2021-02-23 16:18
Modified
2024-08-04 13:37
Summary
Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
References
URL | Tags |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | LeviStudioU | Version 2019-09-21 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:37:54.201Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudioU", vendor: "n/a", versions: [ { status: "affected", version: "Version 2019-09-21 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "STACK-BASED BUFFER OVERFLOW CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-23T16:18:20", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-16243", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_value: "Version 2019-09-21 and prior", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. 
Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "STACK-BASED BUFFER OVERFLOW CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-16243", datePublished: "2021-02-23T16:18:20", dateReserved: "2020-07-31T00:00:00", dateUpdated: "2024-08-04T13:37:54.201Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-23157
Vulnerability from cvelistv5
Published
2022-01-14 19:10
Modified
2024-09-17 03:59
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
References
URL | Tags |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03 | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-22-130/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-22-132/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
WECON | LeviStudioU | All < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:26.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-130/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-132/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudioU", vendor: "WECON", versions: [ { lessThanOrEqual: "2019-09-21", status: "affected", version: "All", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Natnael Samson (@NattiSamson), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.", }, ], datePublic: "2021-12-21T00:00:00", descriptions: [ { lang: "en", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-27T09:06:14", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-130/", }, { tags: [ 
"x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-132/", }, ], source: { advisory: "ICSA-21-355-03", discovery: "UNKNOWN", }, title: "WECON LeviStudioU", workarounds: [ { lang: "en", value: "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2021-12-21T19:09:00.000Z", ID: "CVE-2021-23157", STATE: "PUBLIC", TITLE: "WECON LeviStudioU", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_affected: "<=", version_name: "All", version_value: "2019-09-21", }, ], }, }, ], }, vendor_name: "WECON", }, ], }, }, credit: [ { lang: "eng", value: "Natnael Samson (@NattiSamson), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122 Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", refsource: "MISC", url: 
"https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-130/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-130/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-132/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-132/", }, ], }, source: { advisory: "ICSA-21-355-03", discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information.", }, ], }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2021-23157", datePublished: "2022-01-14T19:10:40.173459Z", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2024-09-17T03:59:53.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25199
Vulnerability from cvelistv5
Published
2020-12-09 16:12
Modified
2024-08-04 15:33
Summary
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
References
URL | Tags |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | WECON Technology Co., Ltd LeviStudioU | LeviStudioU: Release Build 2019-09-21 and prior. If you have questions about the affected products, please contact WECON. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:33:04.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WECON Technology Co., Ltd LeviStudioU", vendor: "n/a", versions: [ { status: "affected", version: "LeviStudioU: Release Build 2019-09-21 and prior. If you have questions about the affected products, please contact WECON.", }, ], }, ], descriptions: [ { lang: "en", value: "A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "HEAP-BASED BUFFER OVERFLOW CWE-122", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-09T16:12:36", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-25199", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WECON Technology Co., Ltd LeviStudioU", version: { version_data: [ { version_value: "LeviStudioU: Release Build 2019-09-21 and prior. 
If you have questions about the affected products, please contact WECON.", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "HEAP-BASED BUFFER OVERFLOW CWE-122", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-25199", datePublished: "2020-12-09T16:12:36", dateReserved: "2020-09-04T00:00:00", dateUpdated: "2024-08-04T15:33:04.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10614
Vulnerability from cvelistv5
Published: 2018-10-09 21:00
Modified: 2024-09-17 01:40
Summary
An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.
References
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
WECON Technology Co., Ltd | LeviStudioU | Versions 1.8.29 and 1.8.44
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:46:46.137Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudioU", vendor: "WECON Technology Co., Ltd", versions: [ { status: "affected", version: "Versions 1.8.29 and 1.8.44", }, ], }, ], datePublic: "2018-07-31T00:00:00", descriptions: [ { lang: "en", value: "An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T20:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2018-07-31T00:00:00", ID: "CVE-2018-10614", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_value: "Versions 1.8.29 and 1.8.44", }, ], }, }, ], }, vendor_name: "WECON Technology Co., Ltd", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611", }, ], }, ], }, references: { 
reference_data: [ { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2018-10614", datePublished: "2018-10-09T21:00:00Z", dateReserved: "2018-05-01T00:00:00", dateUpdated: "2024-09-17T01:40:31.228Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-23138
Vulnerability from cvelistv5
Published: 2022-01-14 19:10
Modified: 2024-09-16 21:03
Summary
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
References
URL | Tags
---|---
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03 | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-133/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-139/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-134/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-136/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-138/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-141/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-137/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-131/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-135/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-142/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-129/ | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-140/ | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
WECON | LeviStudioU | All <
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:26.281Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-133/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-139/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-134/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-136/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-138/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-141/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-137/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-131/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-135/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-142/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-129/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-140/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudioU", vendor: "WECON", versions: [ { lessThanOrEqual: "2019-09-21", status: "affected", version: "All", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Natnael Samson (@NattiSamson), working with 
Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.", }, ], datePublic: "2021-12-21T00:00:00", descriptions: [ { lang: "en", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-27T09:06:36", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-133/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-139/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-134/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-136/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-138/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-141/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-137/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-131/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-135/", }, { tags: [ "x_refsource_MISC", 
], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-142/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-129/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-140/", }, ], source: { advisory: "ICSA-21-355-03", discovery: "UNKNOWN", }, title: "WECON LeviStudioU", workarounds: [ { lang: "en", value: "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2021-12-21T19:09:00.000Z", ID: "CVE-2021-23138", STATE: "PUBLIC", TITLE: "WECON LeviStudioU", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_affected: "<=", version_name: "All", version_value: "2019-09-21", }, ], }, }, ], }, vendor_name: "WECON", }, ], }, }, credit: [ { lang: "eng", value: "Natnael Samson (@NattiSamson), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121 
Stack-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", refsource: "MISC", url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-03", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-133/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-133/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-139/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-139/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-134/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-134/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-136/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-136/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-138/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-138/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-141/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-141/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-137/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-137/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-131/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-131/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-135/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-135/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-142/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-142/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-129/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-129/", }, { name: 
"https://www.zerodayinitiative.com/advisories/ZDI-22-140/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-140/", }, ], }, source: { advisory: "ICSA-21-355-03", discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact WECON technical support for additional information.", }, ], }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2021-23138", datePublished: "2022-01-14T19:10:41.500286Z", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2024-09-16T21:03:24.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6539
Vulnerability from cvelistv5
Published: 2019-02-13 00:00
Modified: 2024-09-16 19:56
Summary
Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/106861 | vdb-entry, x_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
ICS-CERT | WECON LeviStudioU | LeviStudioU Versions 1.8.56 and prior
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:23:21.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106861", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106861", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WECON LeviStudioU", vendor: "ICS-CERT", versions: [ { status: "affected", version: "LeviStudioU Versions 1.8.56 and prior", }, ], }, ], datePublic: "2019-02-05T00:00:00", descriptions: [ { lang: "en", value: "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "Heap-based buffer overflow CWE-122", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-13T10:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { name: "106861", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106861", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2019-02-05T00:00:00", ID: "CVE-2019-6539", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WECON LeviStudioU", version: { version_data: [ { version_value: "LeviStudioU Versions 1.8.56 and prior", }, ], }, }, ], }, vendor_name: "ICS-CERT", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", 
value: "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Heap-based buffer overflow CWE-122", }, ], }, ], }, references: { reference_data: [ { name: "106861", refsource: "BID", url: "http://www.securityfocus.com/bid/106861", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2019-6539", datePublished: "2019-02-13T00:00:00Z", dateReserved: "2019-01-22T00:00:00", dateUpdated: "2024-09-16T19:56:23.233Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10606
Vulnerability from cvelistv5
Published: 2018-09-26 18:00
Modified: 2024-09-16 23:51
Summary
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
References
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 | x_refsource_MISC
http://www.securityfocus.com/bid/104935 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
WECON Technology Co., Ltd. | LeviStudioU | Versions 1.8.29 and 1.8.44
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:46:45.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { name: "104935", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104935", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LeviStudioU", vendor: "WECON Technology Co., Ltd.", versions: [ { status: "affected", version: "Versions 1.8.29 and 1.8.44", }, ], }, ], datePublic: "2018-07-31T00:00:00", descriptions: [ { lang: "en", value: "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "HEAP-BASED BUFFER OVERFLOW CWE-122", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-27T09:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { name: "104935", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104935", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2018-07-31T00:00:00", ID: "CVE-2018-10606", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LeviStudioU", version: { version_data: [ { version_value: "Versions 1.8.29 and 1.8.44", }, ], }, }, ], }, vendor_name: "WECON Technology Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities 
that can be exploited when the application processes specially crafted project files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "HEAP-BASED BUFFER OVERFLOW CWE-122", }, ], }, ], }, references: { reference_data: [ { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", }, { name: "104935", refsource: "BID", url: "http://www.securityfocus.com/bid/104935", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2018-10606", datePublished: "2018-09-26T18:00:00Z", dateReserved: "2018-05-01T00:00:00", dateUpdated: "2024-09-16T23:51:42.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6541
Vulnerability from cvelistv5
Published: 2019-02-13 00:00
Modified: 2024-09-17 00:01
Summary
A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/106861 | vdb-entry, x_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
ICS-CERT | WECON LeviStudioU | LeviStudioU Versions 1.8.56 and prior
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:23:21.844Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106861", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106861", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WECON LeviStudioU", vendor: "ICS-CERT", versions: [ { status: "affected", version: "LeviStudioU Versions 1.8.56 and prior", }, ], }, ], datePublic: "2019-02-05T00:00:00", descriptions: [ { lang: "en", value: "A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "Memory corruption CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-13T10:57:01", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { name: "106861", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106861", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2019-02-05T00:00:00", ID: "CVE-2019-6541", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WECON LeviStudioU", version: { version_data: [ { version_value: "LeviStudioU Versions 1.8.56 and prior", }, ], }, }, ], }, vendor_name: "ICS-CERT", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory corruption 
vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Memory corruption CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "106861", refsource: "BID", url: "http://www.securityfocus.com/bid/106861", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2019-6541", datePublished: "2019-02-13T00:00:00Z", dateReserved: "2019-01-22T00:00:00", dateUpdated: "2024-09-17T00:01:16.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25186
Vulnerability from cvelistv5
Published: 2020-10-22 20:09
Modified: 2024-08-04 15:26
Summary
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.
References
URL | Tags
---|---
https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
n/a | WECON Technology Co., Ltd (WECON) LeviStudioU | Release Build 2019-09-21
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:26:09.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WECON Technology Co., Ltd (WECON) LeviStudioU", vendor: "n/a", versions: [ { status: "affected", version: "Release Build 2019-09-21", }, ], }, ], descriptions: [ { lang: "en", value: "An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-22T20:09:29", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-25186", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WECON Technology Co., Ltd (WECON) LeviStudioU", version: { version_data: [ { version_value: "Release Build 2019-09-21", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", refsource: "MISC", url: 
"https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-25186", datePublished: "2020-10-22T20:09:29", dateReserved: "2020-09-04T00:00:00", dateUpdated: "2024-08-04T15:26:09.785Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }