October 2, 2018

The NCCIC has updated this advisory with additional details on the nature of the vulnerabilities and the background of the affected products. NCCIC/ICS-CERT.

July 31, 2018

The NCCIC has released an advisory regarding a stack-based buffer overflow and heap-based buffer overflow vulnerability in WECON LeviStudioU products. The vulnerability affects LeviStudioU, versions 1.8.29 and 1.8.44. Successful exploitation of this vulnerability could allow an attacker to execute remote code. This vulnerability results in multiple stack-based and heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. Currently there are no known public exploits; however, this vulnerability is remotely exploitable, and could be successfully exploited by an attacker with a low skill level. Updating to the latest version of LeviStudioU may address some of the vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.