You are here

WECON PLC Editor (ICSA-18-261-01) - Product Used in the Water and Wastewater and Energy Sectors

WECON PLC Editor (ICSA-18-261-01) - Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, September 20, 2018 - 11:40
Categories:
Cybersecurity

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in WECON PLC Editor. For SCALANCE X300 and X408, all versions prior to 4.0.0 are affected. Version 1.3.3U is affected. Successful exploitation of this vulnerability could result in unauthorized code execution within the current process. WECON has verified the vulnerability but has not yet released an updated version. All users should limit application interaction to only trusted files and update software to the latest version as updates become available. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.