CVE-2017-13999 - OpenCVE

A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
We-con	Levi Studio Hmi Editor

Configuration 1 [-]

cpe:2.3:a:we-con:levi_studio_hmi_editor:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/101250	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/102493
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2017-10-17T22:00:00

Updated: 2018-01-12T10:57:01

Reserved: 2017-08-30T00:00:00

Link: CVE-2017-13999

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-17T22:29:00.213

Modified: 2018-01-13T02:29:12.707

Link: CVE-2017-13999

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "WECON Technology Co., Ltd. LeviStudio HMI Editor", "vendor": "n/a", "versions": [{"status": "affected", "version": "WECON Technology Co., Ltd. LeviStudio HMI Editor"}]}], "datePublic": "2017-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-01-12T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02"}, {"name": "101250", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101250"}, {"name": "102493", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102493"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-13999", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WECON Technology Co., Ltd. LeviStudio HMI Editor", "version": {"version_data": [{"version_value": "WECON Technology Co., Ltd. LeviStudio HMI Editor"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02"}, {"name": "101250", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101250"}, {"name": "102493", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102493"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-13999", "datePublished": "2017-10-17T22:00:00", "dateReserved": "2017-08-30T00:00:00", "dateUpdated": "2018-01-12T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:we-con:levi_studio_hmi_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F1FF8C9-1F55-48F7-A895-CCFE27C9519D", "versionEndIncluding": "1.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code."}, {"lang": "es", "value": "Un problema de desbordamiento de b\u00fafer basado en pila se ha descubierto en WECON LEVI Studio HMI Editor v1.8.1 y anteriores. M\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer basado en pila se han identificado en las que la aplicaci\u00f3n no verifica el tama\u00f1o de cadena antes de copiarla en la memoria; el atacante podr\u00eda ser capaz de cerrar inesperadamente la aplicaci\u00f3n o de ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2017-13999", "lastModified": "2018-01-13T02:29:12.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-17T22:29:00.213", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101250"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://www.securityfocus.com/bid/102493"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}