Main Vulnerability Database Vulnerabilities #VU9704

Heap-based buffer overflow in LeviStudio HMI - CVE-2017-16717

Published: December 19, 2017 / Updated: December 22, 2017

Vulnerability identifier: #VU9704

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-16717

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WECON Technology Co., Ltd.

Affected software:
LeviStudio HMI

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2017-16717

Update to the latest version.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-17-353-05

Heap-based buffer overflow in LeviStudio HMI - CVE-2017-16717

Detailed vulnerability description

How to mitigate CVE-2017-16717

Sources

Please verify you're human