Details of VAR-201801-0157

ID

VAR-201801-0157

CVE

CVE-2017-16739

TITLE

WECON Technology LEVI Studio HMI Editor Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-012041 // CNNVD: CNNVD-201801-528

DESCRIPTION

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. WECON Technology LEVI Studio HMI Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the handling of LeviStudioU Project files. When providing an overly long MulStatus szFilename XML attribute, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. LeviStudio HMI Editor is an editor in the human-machine interface of Wecon Technologies of China. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 4.59

sources: NVD: CVE-2017-16739 // JVNDB: JVNDB-2017-012041 // ZDI: ZDI-18-125 // ZDI: ZDI-18-128 // ZDI: ZDI-18-127 // CNVD: CNVD-2018-00908 // BID: 102493 // IVD: e2e12eae-39ab-11e9-87c7-000c29342cb1 // VULHUB: VHN-107691

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e12eae-39ab-11e9-87c7-000c29342cb1 // CNVD: CNVD-2018-00908

AFFECTED PRODUCTS

vendor:	wecon	model:	levistudiou	scope:	-	version:	-	Trust: 2.1
vendor:	we con	model:	levistudio hmi editor	scope:	lte	version:	1.8.29	Trust: 1.0
vendor:	wecon	model:	levi studio hmi editor	scope:	lte	version:	1.8.29	Trust: 0.8
vendor:	wecon	model:	levi studio hmi editor	scope:	lte	version:	<=1.8.29	Trust: 0.6
vendor:	we con	model:	levistudio hmi editor	scope:	eq	version:	1.8.29	Trust: 0.6
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8.29	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8.2	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8.1	Trust: 0.3
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.8	Trust: 0.3
vendor:	levistudio hmi editor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e12eae-39ab-11e9-87c7-000c29342cb1 // ZDI: ZDI-18-125 // ZDI: ZDI-18-128 // ZDI: ZDI-18-127 // CNVD: CNVD-2018-00908 // BID: 102493 // JVNDB: JVNDB-2017-012041 // CNNVD: CNNVD-201801-528 // NVD: CVE-2017-16739

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2017-16739
value:	MEDIUM
Trust: 2.1
nvd@nist.gov:	CVE-2017-16739
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-16739
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-00908
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-528
value:	HIGH
Trust: 0.6
IVD:	e2e12eae-39ab-11e9-87c7-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-107691
value:	MEDIUM
Trust: 0.1

ZDI:	CVE-2017-16739
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.1
nvd@nist.gov:	CVE-2017-16739
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-00908
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e12eae-39ab-11e9-87c7-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-107691
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16739
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e12eae-39ab-11e9-87c7-000c29342cb1 // ZDI: ZDI-18-125 // ZDI: ZDI-18-128 // ZDI: ZDI-18-127 // CNVD: CNVD-2018-00908 // VULHUB: VHN-107691 // JVNDB: JVNDB-2017-012041 // CNNVD: CNNVD-201801-528 // NVD: CVE-2017-16739

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-121	Trust: 1.0

sources: VULHUB: VHN-107691 // JVNDB: JVNDB-2017-012041 // NVD: CVE-2017-16739

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-528

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2e12eae-39ab-11e9-87c7-000c29342cb1 // CNNVD: CNNVD-201801-528

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012041

PATCH

title:	Wecon has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01	Trust: 2.1
title:	Top Page	url:	http://www.we-con.com.cn/en/	Trust: 0.8
title:	Patch for Wecon Technologies LeviStudio HMI Editor Stack Buffer Overflow Vulnerability (CNVD-2018-00908)	url:	https://www.cnvd.org.cn/patchInfo/show/113411	Trust: 0.6
title:	WECON Technology LEVI Studio HMI Editor Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77749	Trust: 0.6

sources: ZDI: ZDI-18-125 // ZDI: ZDI-18-128 // ZDI: ZDI-18-127 // CNVD: CNVD-2018-00908 // JVNDB: JVNDB-2017-012041 // CNNVD: CNNVD-201801-528

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16739	Trust: 5.7
db:	ICS CERT	id:	ICSA-18-011-01	Trust: 3.4
db:	BID	id:	102493	Trust: 2.6
db:	CNNVD	id:	CNNVD-201801-528	Trust: 0.9
db:	CNVD	id:	CNVD-2018-00908	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-012041	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5217	Trust: 0.7
db:	ZDI	id:	ZDI-18-125	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5311	Trust: 0.7
db:	ZDI	id:	ZDI-18-128	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5230	Trust: 0.7
db:	ZDI	id:	ZDI-18-127	Trust: 0.7
db:	IVD	id:	E2E12EAE-39AB-11E9-87C7-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-107691	Trust: 0.1

sources: IVD: e2e12eae-39ab-11e9-87c7-000c29342cb1 // ZDI: ZDI-18-125 // ZDI: ZDI-18-128 // ZDI: ZDI-18-127 // CNVD: CNVD-2018-00908 // VULHUB: VHN-107691 // BID: 102493 // JVNDB: JVNDB-2017-012041 // CNNVD: CNNVD-201801-528 // NVD: CVE-2017-16739

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-011-01	Trust: 5.5
url:	http://www.securityfocus.com/bid/102493	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16739	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16739	Trust: 0.8
url:	http://www.we-con.com.cn/en/	Trust: 0.3

sources: ZDI: ZDI-18-125 // ZDI: ZDI-18-128 // ZDI: ZDI-18-127 // CNVD: CNVD-2018-00908 // VULHUB: VHN-107691 // BID: 102493 // JVNDB: JVNDB-2017-012041 // CNNVD: CNNVD-201801-528 // NVD: CVE-2017-16739

CREDITS

Brian Gorenc - Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-18-125

SOURCES

db:	IVD	id:	e2e12eae-39ab-11e9-87c7-000c29342cb1
db:	ZDI	id:	ZDI-18-125
db:	ZDI	id:	ZDI-18-128
db:	ZDI	id:	ZDI-18-127
db:	CNVD	id:	CNVD-2018-00908
db:	VULHUB	id:	VHN-107691
db:	BID	id:	102493
db:	JVNDB	id:	JVNDB-2017-012041
db:	CNNVD	id:	CNNVD-201801-528
db:	NVD	id:	CVE-2017-16739

LAST UPDATE DATE

2024-11-23T22:07:05.294000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-125	date:	2018-01-18T00:00:00
db:	ZDI	id:	ZDI-18-128	date:	2018-01-18T00:00:00
db:	ZDI	id:	ZDI-18-127	date:	2018-01-18T00:00:00
db:	CNVD	id:	CNVD-2018-00908	date:	2018-01-15T00:00:00
db:	VULHUB	id:	VHN-107691	date:	2019-10-09T00:00:00
db:	BID	id:	102493	date:	2018-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-012041	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-528	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16739	date:	2024-11-21T03:16:52.797

SOURCES RELEASE DATE

db:	IVD	id:	e2e12eae-39ab-11e9-87c7-000c29342cb1	date:	2018-01-15T00:00:00
db:	ZDI	id:	ZDI-18-125	date:	2018-01-18T00:00:00
db:	ZDI	id:	ZDI-18-128	date:	2018-01-18T00:00:00
db:	ZDI	id:	ZDI-18-127	date:	2018-01-18T00:00:00
db:	CNVD	id:	CNVD-2018-00908	date:	2018-01-15T00:00:00
db:	VULHUB	id:	VHN-107691	date:	2018-01-12T00:00:00
db:	BID	id:	102493	date:	2018-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-012041	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-528	date:	2018-01-16T00:00:00
db:	NVD	id:	CVE-2017-16739	date:	2018-01-12T20:29:00.307