ID

VAR-201810-0397


CVE

CVE-2018-14818


TITLE

WECON Technology Co., Ltd. PI Studio HMI and PI Studio Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010755

DESCRIPTION

WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of hsc files. When parsing the TextContent element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. Wecon PI Studio HMI and PI Studio are human interface programming software from Wecon Technologies. Failed exploit attempts will likely cause denial-of-service conditions.

Trust: 3.24

sources: NVD: CVE-2018-14818 // JVNDB: JVNDB-2018-010755 // ZDI: ZDI-18-1109 // CNVD: CNVD-2018-21172 // BID: 105710 // IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1 // CNVD: CNVD-2018-21172

AFFECTED PRODUCTS

vendor: we con // model: pi studio hmi // scope: lte // version: 4.1.9

Trust: 1.0

vendor: we con // model: pi studio // scope: lte // version: 4.2.34

Trust: 1.0

vendor: wecon // model: pi studio // scope: lte // version: 4.2.34

Trust: 0.8

vendor: wecon // model: pi studio hmi // scope: lte // version: 4.1.9

Trust: 0.8

vendor: wecon // model: pistudio // scope: - // version: -

Trust: 0.7

vendor: wecon // model: pi studio hmi // scope: lte // version: <=4.1.9

Trust: 0.6

vendor: wecon // model: pi studio // scope: lte // version: <=4.2.34

Trust: 0.6

vendor: we con // model: pi studio hmi // scope: eq // version: 4.1.9

Trust: 0.6

vendor: we con // model: pi studio // scope: eq // version: 4.2.34

Trust: 0.6

vendor: wecon // model: pi studio hmi project programmer // scope: eq // version: 4.1.9

Trust: 0.3

vendor: wecon // model: pi studio // scope: eq // version: 4.2.34

Trust: 0.3

vendor: pi studio // model: - // scope: eq // version: *

Trust: 0.2

vendor: pi studio hmi // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1 // ZDI: ZDI-18-1109 // CNVD: CNVD-2018-21172 // BID: 105710 // JVNDB: JVNDB-2018-010755 // CNNVD: CNNVD-201810-244 // NVD: CVE-2018-14818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14818
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14818
value: CRITICAL

Trust: 0.8

ZDI: CVE-2018-14818
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-21172
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-244
value: CRITICAL

Trust: 0.6

IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-14818
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-14818
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2

Trust: 0.7

CNVD: CNVD-2018-21172
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-14818
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-14818
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1 // ZDI: ZDI-18-1109 // CNVD: CNVD-2018-21172 // JVNDB: JVNDB-2018-010755 // CNNVD: CNNVD-201810-244 // NVD: CVE-2018-14818

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-010755 // NVD: CVE-2018-14818

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-244

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1 // CNNVD: CNNVD-201810-244

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010755

PATCH

title: Top Page // url: http://www.we-con.com.cn/en/index.aspx

Trust: 0.8

title: Wecon has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.
05/18/18 - ZDI sent the report to ICS-CERT
05/22/18 - ICS-CERT acknowledged, confirmed the report was sent to the vendor and sent an ICS-VU #
09/17/18 - ZDI asked ICS-CERT to confirm the report remains unpatched and to advise the vendor of the intent to publish the report as 0-day on 10/02/18
-- Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.
url: https://us-cert.cisa.gov/ics/advisories/ICSA-18-277-01

Trust: 0.7

sources: ZDI: ZDI-18-1109 // JVNDB: JVNDB-2018-010755

EXTERNAL IDS

db: NVD // id: CVE-2018-14818

Trust: 4.2

db: ICS CERT // id: ICSA-18-277-01

Trust: 3.3

db: CNVD // id: CNVD-2018-21172

Trust: 0.8

db: CNNVD // id: CNNVD-201810-244

Trust: 0.8

db: JVNDB // id: JVNDB-2018-010755

Trust: 0.8

db: ZDI_CAN // id: ZDI-CAN-6253

Trust: 0.7

db: ZDI // id: ZDI-18-1109

Trust: 0.7

db: BID // id: 105710

Trust: 0.3

db: IVD // id: E2FDB75F-39AB-11E9-83CB-000C29342CB1

Trust: 0.2

sources: IVD: e2fdb75f-39ab-11e9-83cb-000c29342cb1 // ZDI: ZDI-18-1109 // CNVD: CNVD-2018-21172 // BID: 105710 // JVNDB: JVNDB-2018-010755 // CNNVD: CNNVD-201810-244 // NVD: CVE-2018-14818

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-277-01

Trust: 3.3

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14818

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-14818

Trust: 0.8

url: https://us-cert.cisa.gov/ics/advisories/icsa-18-277-01

Trust: 0.7

url: http://www.we-con.com.cn/en/

Trust: 0.3

sources: ZDI: ZDI-18-1109 // CNVD: CNVD-2018-21172 // BID: 105710 // JVNDB: JVNDB-2018-010755 // CNNVD: CNNVD-201810-244 // NVD: CVE-2018-14818

CREDITS

Natnael Samson (Natti)

Trust: 0.7

sources: ZDI: ZDI-18-1109

SOURCES

db: IVD // id: e2fdb75f-39ab-11e9-83cb-000c29342cb1
db: ZDI // id: ZDI-18-1109
db: CNVD // id: CNVD-2018-21172
db: BID // id: 105710
db: JVNDB // id: JVNDB-2018-010755
db: CNNVD // id: CNNVD-201810-244
db: NVD // id: CVE-2018-14818

LAST UPDATE DATE

2024-11-23T22:12:19.393000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-18-1109 // date: 2021-12-02T00:00:00
db: CNVD // id: CNVD-2018-21172 // date: 2018-10-18T00:00:00
db: BID // id: 105710 // date: 2018-10-04T00:00:00
db: JVNDB // id: JVNDB-2018-010755 // date: 2018-12-21T00:00:00
db: CNNVD // id: CNNVD-201810-244 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-14818 // date: 2024-11-21T03:49:51.637

SOURCES RELEASE DATE

db: IVD // id: e2fdb75f-39ab-11e9-83cb-000c29342cb1 // date: 2018-10-18T00:00:00
db: ZDI // id: ZDI-18-1109 // date: 2018-10-02T00:00:00
db: CNVD // id: CNVD-2018-21172 // date: 2018-10-17T00:00:00
db: BID // id: 105710 // date: 2018-10-04T00:00:00
db: JVNDB // id: JVNDB-2018-010755 // date: 2018-12-21T00:00:00
db: CNNVD // id: CNNVD-201810-244 // date: 2018-10-09T00:00:00
db: NVD // id: CVE-2018-14818 // date: 2018-10-08T12:29:00.390