WECON PI Studio (ICSA-18-277-01) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, October 4, 2018 - 15:13
Categories: Cybersecurity

The NCCIC has released an advisory on stack-based buffer overflow, out-of-bounds write, information exposure through XML external entity reference, and out-of-bounds read vulnerabilities in WECON PI Studio. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior are affected. Successful exploitation of these vulnerabilities may allow remote code execution, execution of code in the context of an administrator, reads past the end of an allocated object, or disclosure of sensitive information under the context of administrator. WECON has verified the vulnerabilities but has not yet released an updated version. The NCCIC is currently working with WECON and will update the advisory once an updated version is released. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.