Details of VAR-201804-1655

ID

VAR-201804-1655

CVE

CVE-2018-7527

TITLE

Wecon LeviStudioU of LeviStudio HMI Editor and PI Studio HMI Project Programmer Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005009

DESCRIPTION

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within DataLogTool.exe. When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon Products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 5.13

sources: NVD: CVE-2018-7527 // JVNDB: JVNDB-2018-005009 // ZDI: ZDI-18-406 // ZDI: ZDI-18-407 // ZDI: ZDI-18-408 // ZDI: ZDI-18-409 // CNVD: CNVD-2018-08900 // BID: 104016 // IVD: e2edd8e1-39ab-11e9-b1aa-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2edd8e1-39ab-11e9-b1aa-000c29342cb1 // CNVD: CNVD-2018-08900

AFFECTED PRODUCTS

vendor:	we con	model:	levistudio hmi editor	scope:	eq	version:	1.10	Trust: 1.6
vendor:	wecon	model:	levistudio	scope:	-	version:	-	Trust: 1.4
vendor:	wecon	model:	levistudiou	scope:	eq	version:	1.8.29	Trust: 1.1
vendor:	we con	model:	levistudiou	scope:	lte	version:	1.8.29	Trust: 1.0
vendor:	we con	model:	pi studio hmi project programmer	scope:	lte	version:	2017-11-11	Trust: 1.0
vendor:	wecon	model:	levi studio hmi editor	scope:	eq	version:	1.10	Trust: 0.8
vendor:	wecon	model:	pi studio hmi project programmer	scope:	eq	version:	build: november 11	Trust: 0.8
vendor:	wecon	model:	pi studio hmi project programmer	scope:	lte	version:	2017	Trust: 0.8
vendor:	wecon	model:	levistudiou	scope:	-	version:	-	Trust: 0.7
vendor:	wecon	model:	pi studio hmi project programmer	scope:	-	version:	-	Trust: 0.7
vendor:	wecon	model:	levistudio hmi editor	scope:	lte	version:	<=1.8.29	Trust: 0.6
vendor:	wecon	model:	pi studio hmi project programmer <=november	scope:	eq	version:	112017	Trust: 0.6
vendor:	we con	model:	pi studio hmi project programmer	scope:	eq	version:	2017-11-11	Trust: 0.6
vendor:	we con	model:	levistudiou	scope:	eq	version:	1.8.29	Trust: 0.6
vendor:	wecon	model:	pi studio hmi project programmer	scope:	eq	version:	0	Trust: 0.3
vendor:	wecon	model:	levistudio hmi editor	scope:	eq	version:	1.10	Trust: 0.3
vendor:	levistudio hmi editor	model:	-	scope:	eq	version:	1.10	Trust: 0.2
vendor:	levistudiou	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	pi studio hmi programmer	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2edd8e1-39ab-11e9-b1aa-000c29342cb1 // ZDI: ZDI-18-406 // ZDI: ZDI-18-407 // ZDI: ZDI-18-408 // ZDI: ZDI-18-409 // CNVD: CNVD-2018-08900 // BID: 104016 // JVNDB: JVNDB-2018-005009 // CNNVD: CNNVD-201804-1462 // NVD: CVE-2018-7527

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-7527
value:	MEDIUM
Trust: 2.8
nvd@nist.gov:	CVE-2018-7527
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7527
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-08900
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201804-1462
value:	MEDIUM
Trust: 0.6
IVD:	e2edd8e1-39ab-11e9-b1aa-000c29342cb1
value:	MEDIUM
Trust: 0.2

ZDI:	CVE-2018-7527
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.8
nvd@nist.gov:	CVE-2018-7527
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-08900
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2edd8e1-39ab-11e9-b1aa-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7527
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: IVD: e2edd8e1-39ab-11e9-b1aa-000c29342cb1 // ZDI: ZDI-18-406 // ZDI: ZDI-18-407 // ZDI: ZDI-18-408 // ZDI: ZDI-18-409 // CNVD: CNVD-2018-08900 // JVNDB: JVNDB-2018-005009 // CNNVD: CNNVD-201804-1462 // NVD: CVE-2018-7527

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-121	Trust: 1.0

sources: JVNDB: JVNDB-2018-005009 // NVD: CVE-2018-7527

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-1462

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2edd8e1-39ab-11e9-b1aa-000c29342cb1 // CNNVD: CNNVD-201804-1462

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005009

PATCH

title:	Wecon has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02	Trust: 2.8
title:	Top Page	url:	http://www.we-con.com.cn/en/index.aspx	Trust: 0.8
title:	Patches for multiple WECON product buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/128121	Trust: 0.6
title:	Multiple WECON Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79723	Trust: 0.6

sources: ZDI: ZDI-18-406 // ZDI: ZDI-18-407 // ZDI: ZDI-18-408 // ZDI: ZDI-18-409 // CNVD: CNVD-2018-08900 // JVNDB: JVNDB-2018-005009 // CNNVD: CNNVD-201804-1462

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7527	Trust: 6.3
db:	ICS CERT	id:	ICSA-18-116-02	Trust: 3.3
db:	BID	id:	104016	Trust: 2.5
db:	CNVD	id:	CNVD-2018-08900	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1462	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005009	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5480	Trust: 0.7
db:	ZDI	id:	ZDI-18-406	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5481	Trust: 0.7
db:	ZDI	id:	ZDI-18-407	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5482	Trust: 0.7
db:	ZDI	id:	ZDI-18-408	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5506	Trust: 0.7
db:	ZDI	id:	ZDI-18-409	Trust: 0.7
db:	IVD	id:	E2EDD8E1-39AB-11E9-B1AA-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-116-02	Trust: 6.1
url:	http://www.securityfocus.com/bid/104016	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7527	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7527	Trust: 0.8
url:	http://www.we-con.com.cn/en/	Trust: 0.3

sources: ZDI: ZDI-18-406 // ZDI: ZDI-18-407 // ZDI: ZDI-18-408 // ZDI: ZDI-18-409 // CNVD: CNVD-2018-08900 // BID: 104016 // JVNDB: JVNDB-2018-005009 // CNNVD: CNNVD-201804-1462 // NVD: CVE-2018-7527

CREDITS

Sergey Zelenyuk of RVRT

Trust: 2.1

sources: ZDI: ZDI-18-406 // ZDI: ZDI-18-407 // ZDI: ZDI-18-408

SOURCES

db:	IVD	id:	e2edd8e1-39ab-11e9-b1aa-000c29342cb1
db:	ZDI	id:	ZDI-18-406
db:	ZDI	id:	ZDI-18-407
db:	ZDI	id:	ZDI-18-408
db:	ZDI	id:	ZDI-18-409
db:	CNVD	id:	CNVD-2018-08900
db:	BID	id:	104016
db:	JVNDB	id:	JVNDB-2018-005009
db:	CNNVD	id:	CNNVD-201804-1462
db:	NVD	id:	CVE-2018-7527

LAST UPDATE DATE

2024-11-23T22:30:27.366000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-406	date:	2018-05-04T00:00:00
db:	ZDI	id:	ZDI-18-407	date:	2018-05-04T00:00:00
db:	ZDI	id:	ZDI-18-408	date:	2018-05-04T00:00:00
db:	ZDI	id:	ZDI-18-409	date:	2018-05-04T00:00:00
db:	CNVD	id:	CNVD-2018-08900	date:	2018-05-04T00:00:00
db:	BID	id:	104016	date:	2018-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-005009	date:	2018-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201804-1462	date:	2020-07-23T00:00:00
db:	NVD	id:	CVE-2018-7527	date:	2024-11-21T04:12:18.080

SOURCES RELEASE DATE

db:	IVD	id:	e2edd8e1-39ab-11e9-b1aa-000c29342cb1	date:	2018-05-04T00:00:00
db:	ZDI	id:	ZDI-18-406	date:	2018-05-04T00:00:00
db:	ZDI	id:	ZDI-18-407	date:	2018-05-04T00:00:00
db:	ZDI	id:	ZDI-18-408	date:	2018-05-04T00:00:00
db:	ZDI	id:	ZDI-18-409	date:	2018-05-04T00:00:00
db:	CNVD	id:	CNVD-2018-08900	date:	2018-05-04T00:00:00
db:	BID	id:	104016	date:	2018-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-005009	date:	2018-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201804-1462	date:	2018-04-27T00:00:00
db:	NVD	id:	CVE-2018-7527	date:	2018-04-26T20:29:00.523