Details of VAR-201710-0796

ID

VAR-201710-0796

CVE

CVE-2017-13999

TITLE

WECON LEVI Studio HMI Editor Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-009524 // CNNVD: CNNVD-201710-584

DESCRIPTION

A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code. WECON LEVI Studio HMI Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LeviStudio HMI Editor is an editor in the human-machine interface of Wecon Technologies of China. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2017-13999 // JVNDB: JVNDB-2017-009524 // CNVD: CNVD-2017-29975 // BID: 101250 // IVD: 67cb8d5c-fecb-4c73-8f18-d7b9d23325e8

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 67cb8d5c-fecb-4c73-8f18-d7b9d23325e8 // CNVD: CNVD-2017-29975

AFFECTED PRODUCTS

vendor:	we con	model:	levi studio hmi editor	scope:	lte	version:	1.8.1	Trust: 1.0
vendor:	wecon	model:	levi studio hmi editor	scope:	lte	version:	1.8.1	Trust: 0.8
vendor:	wecon	model:	levi studio hmi editor	scope:	lt	version:	1.8.1	Trust: 0.6
vendor:	we con	model:	levi studio hmi editor	scope:	eq	version:	1.8.1	Trust: 0.6
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8.1	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	ne	version:	1.8.2	Trust: 0.3
vendor:	levi studio hmi editor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 67cb8d5c-fecb-4c73-8f18-d7b9d23325e8 // CNVD: CNVD-2017-29975 // BID: 101250 // JVNDB: JVNDB-2017-009524 // CNNVD: CNNVD-201710-584 // NVD: CVE-2017-13999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13999
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-13999
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-29975
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201710-584
value:	HIGH
Trust: 0.6
IVD:	67cb8d5c-fecb-4c73-8f18-d7b9d23325e8
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-13999
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-29975
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	67cb8d5c-fecb-4c73-8f18-d7b9d23325e8
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-13999
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 67cb8d5c-fecb-4c73-8f18-d7b9d23325e8 // CNVD: CNVD-2017-29975 // JVNDB: JVNDB-2017-009524 // CNNVD: CNNVD-201710-584 // NVD: CVE-2017-13999

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-121	Trust: 1.0

sources: JVNDB: JVNDB-2017-009524 // NVD: CVE-2017-13999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-584

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 67cb8d5c-fecb-4c73-8f18-d7b9d23325e8 // CNNVD: CNNVD-201710-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009524

PATCH

title:	Top Page	url:	http://www.we-con.com.cn/en/	Trust: 0.8
title:	WECON Technology LeviStudio HMI Editor Stack Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/103556	Trust: 0.6

sources: CNVD: CNVD-2017-29975 // JVNDB: JVNDB-2017-009524

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13999	Trust: 3.5
db:	ICS CERT	id:	ICSA-17-285-02	Trust: 3.3
db:	BID	id:	101250	Trust: 1.3
db:	BID	id:	102493	Trust: 1.0
db:	CNVD	id:	CNVD-2017-29975	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-584	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009524	Trust: 0.8
db:	IVD	id:	67CB8D5C-FECB-4C73-8F18-D7B9D23325E8	Trust: 0.2

sources: IVD: 67cb8d5c-fecb-4c73-8f18-d7b9d23325e8 // CNVD: CNVD-2017-29975 // BID: 101250 // JVNDB: JVNDB-2017-009524 // CNNVD: CNNVD-201710-584 // NVD: CVE-2017-13999

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-285-02	Trust: 3.0
url:	http://www.securityfocus.com/bid/102493	Trust: 1.0
url:	http://www.securityfocus.com/bid/101250	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13999	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13999	Trust: 0.8
url:	http://www.we-con.com.cn/en/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-285-02 icsa-17-285-02	Trust: 0.3

sources: CNVD: CNVD-2017-29975 // BID: 101250 // JVNDB: JVNDB-2017-009524 // CNNVD: CNNVD-201710-584 // NVD: CVE-2017-13999

CREDITS

Andrea (rgod) Micalizzi, working with iDefense Labs.

Trust: 0.3

sources: BID: 101250

SOURCES

db:	IVD	id:	67cb8d5c-fecb-4c73-8f18-d7b9d23325e8
db:	CNVD	id:	CNVD-2017-29975
db:	BID	id:	101250
db:	JVNDB	id:	JVNDB-2017-009524
db:	CNNVD	id:	CNNVD-201710-584
db:	NVD	id:	CVE-2017-13999

LAST UPDATE DATE

2025-04-20T23:19:49.415000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-29975	date:	2017-10-13T00:00:00
db:	BID	id:	101250	date:	2017-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-009524	date:	2017-11-15T00:00:00
db:	CNNVD	id:	CNNVD-201710-584	date:	2017-11-10T00:00:00
db:	NVD	id:	CVE-2017-13999	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	67cb8d5c-fecb-4c73-8f18-d7b9d23325e8	date:	2017-10-13T00:00:00
db:	CNVD	id:	CNVD-2017-29975	date:	2017-10-13T00:00:00
db:	BID	id:	101250	date:	2017-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-009524	date:	2017-11-15T00:00:00
db:	CNNVD	id:	CNNVD-201710-584	date:	2017-10-17T00:00:00
db:	NVD	id:	CVE-2017-13999	date:	2017-10-17T22:29:00.213