Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-14792 |
CWE-ID | CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
PLC Editor Client/Desktop applications / Other client software |
Vendor | WECON Technology Co., Ltd. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU36629
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14792
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
MitigationInstall update from vendor's website.
Vulnerable software versionsPLC Editor: 1.3.3u
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-261-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.