Wecon Technologies LEVI Studio HMI Editor Multiple Security Vulnerabilities

Wecon Technologies LEVI Studio HMI Editor is prone to the following multiple security vulnerabilities.

1. A stack-based buffer-overflow vulnerability

2. A heap-based buffer-overflow vulnerability

Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Wecon Technologies LEVI Studio HMI Editor version prior to 1.8.1 are vulnerable.

Information

Bugtraq ID: 97639
Class: Boundary Condition Error
CVE: CVE-2017-6035
CVE-2017-6037

Remote: Yes
Local: No
Published: Apr 13 2017 12:00AM
Updated: Apr 13 2017 09:05PM
Credit: Andrea (rgod) Micalizzi, working with iDefense Labs.
Vulnerable: Wecon Technologies LEVI Studio HMI Editor 0

Not Vulnerable: Wecon Technologies LEVI Studio HMI Editor 1.8.1

References:

• ICSA-17-103-01:Wecon Technologies LEVI Studio HMI Editor (CERT)
  
• WECON Homepage (Wecon)
  

Source: www.securityfocus.com