Details of VAR-201801-0156

ID

VAR-201801-0156

CVE

CVE-2017-16737

TITLE

WECON Technology LEVI Studio HMI Editor Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-012040 // CNNVD: CNNVD-201801-529

DESCRIPTION

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user. WECON Technology LEVI Studio HMI Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the handling of LeviStudioU Project files. When providing an overly long General FigureFile XML attribute, the process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. LeviStudio HMI Editor is an editor in the human-machine interface of Wecon Technologies of China. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 3.33

sources: NVD: CVE-2017-16737 // JVNDB: JVNDB-2017-012040 // ZDI: ZDI-18-126 // CNVD: CNVD-2018-00907 // BID: 102493 // IVD: e2e155c1-39ab-11e9-beb3-000c29342cb1 // VULHUB: VHN-107689

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e155c1-39ab-11e9-beb3-000c29342cb1 // CNVD: CNVD-2018-00907

AFFECTED PRODUCTS

vendor:	we con	model:	levistudio hmi editor	scope:	lte	version:	1.8.29	Trust: 1.0
vendor:	wecon	model:	levi studio hmi editor	scope:	lte	version:	1.8.29	Trust: 0.8
vendor:	wecon	model:	levistudiou	scope:	-	version:	-	Trust: 0.7
vendor:	wecon	model:	levi studio hmi editor	scope:	lte	version:	<=1.8.29	Trust: 0.6
vendor:	we con	model:	levistudio hmi editor	scope:	eq	version:	1.8.29	Trust: 0.6
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8.29	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8.2	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8.1	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8	Trust: 0.3
vendor:	levistudio hmi editor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e155c1-39ab-11e9-beb3-000c29342cb1 // ZDI: ZDI-18-126 // CNVD: CNVD-2018-00907 // BID: 102493 // JVNDB: JVNDB-2017-012040 // CNNVD: CNNVD-201801-529 // NVD: CVE-2017-16737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-16737
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-16737
value:	HIGH
Trust: 0.8
ZDI:	CVE-2017-16737
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2018-00907
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-529
value:	HIGH
Trust: 0.6
IVD:	e2e155c1-39ab-11e9-beb3-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-107689
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-16737
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-16737
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-00907
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e155c1-39ab-11e9-beb3-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-107689
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16737
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e155c1-39ab-11e9-beb3-000c29342cb1 // ZDI: ZDI-18-126 // CNVD: CNVD-2018-00907 // VULHUB: VHN-107689 // JVNDB: JVNDB-2017-012040 // CNNVD: CNNVD-201801-529 // NVD: CVE-2017-16737

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-122	Trust: 1.0

sources: VULHUB: VHN-107689 // JVNDB: JVNDB-2017-012040 // NVD: CVE-2017-16737

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-529

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2e155c1-39ab-11e9-beb3-000c29342cb1 // CNNVD: CNNVD-201801-529

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012040

PATCH

title:	Top Page	url:	http://www.we-con.com.cn/en/	Trust: 0.8
title:	Wecon has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01	Trust: 0.7
title:	Wecon Technologies LeviStudio HMI Editor heap buffer overflow vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/113413	Trust: 0.6
title:	WECON Technology LEVI Studio HMI Editor Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77750	Trust: 0.6

sources: ZDI: ZDI-18-126 // CNVD: CNVD-2018-00907 // JVNDB: JVNDB-2017-012040 // CNNVD: CNNVD-201801-529

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16737	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-011-01	Trust: 3.4
db:	BID	id:	102493	Trust: 2.6
db:	CNNVD	id:	CNNVD-201801-529	Trust: 0.9
db:	CNVD	id:	CNVD-2018-00907	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-012040	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5229	Trust: 0.7
db:	ZDI	id:	ZDI-18-126	Trust: 0.7
db:	IVD	id:	E2E155C1-39AB-11E9-BEB3-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-107689	Trust: 0.1

sources: IVD: e2e155c1-39ab-11e9-beb3-000c29342cb1 // ZDI: ZDI-18-126 // CNVD: CNVD-2018-00907 // VULHUB: VHN-107689 // BID: 102493 // JVNDB: JVNDB-2017-012040 // CNNVD: CNNVD-201801-529 // NVD: CVE-2017-16737

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-011-01	Trust: 4.1
url:	http://www.securityfocus.com/bid/102493	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16737	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16737	Trust: 0.8
url:	http://www.we-con.com.cn/en/	Trust: 0.3

sources: ZDI: ZDI-18-126 // CNVD: CNVD-2018-00907 // VULHUB: VHN-107689 // BID: 102493 // JVNDB: JVNDB-2017-012040 // CNNVD: CNNVD-201801-529 // NVD: CVE-2017-16737

CREDITS

HanM0u of CloverSec Labs

Trust: 0.7

sources: ZDI: ZDI-18-126

SOURCES

db:	IVD	id:	e2e155c1-39ab-11e9-beb3-000c29342cb1
db:	ZDI	id:	ZDI-18-126
db:	CNVD	id:	CNVD-2018-00907
db:	VULHUB	id:	VHN-107689
db:	BID	id:	102493
db:	JVNDB	id:	JVNDB-2017-012040
db:	CNNVD	id:	CNNVD-201801-529
db:	NVD	id:	CVE-2017-16737

LAST UPDATE DATE

2024-11-23T22:07:05.347000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-126	date:	2018-01-18T00:00:00
db:	CNVD	id:	CNVD-2018-00907	date:	2018-01-15T00:00:00
db:	VULHUB	id:	VHN-107689	date:	2019-10-09T00:00:00
db:	BID	id:	102493	date:	2018-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-012040	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-529	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16737	date:	2024-11-21T03:16:52.683

SOURCES RELEASE DATE

db:	IVD	id:	e2e155c1-39ab-11e9-beb3-000c29342cb1	date:	2018-01-15T00:00:00
db:	ZDI	id:	ZDI-18-126	date:	2018-01-18T00:00:00
db:	CNVD	id:	CNVD-2018-00907	date:	2018-01-15T00:00:00
db:	VULHUB	id:	VHN-107689	date:	2018-01-12T00:00:00
db:	BID	id:	102493	date:	2018-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-012040	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-529	date:	2018-01-16T00:00:00
db:	NVD	id:	CVE-2017-16737	date:	2018-01-12T20:29:00.260