ID

VAR-201809-0087


CVE

CVE-2018-10602


TITLE

(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-834 // ZDI: ZDI-18-840

DESCRIPTION

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of UMP files. When parsing the EventSet WordAddr element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China.

Trust: 11.7

sources: NVD: CVE-2018-10602 // ZDI: ZDI-18-824 // ZDI: ZDI-18-870 // ZDI: ZDI-18-807 // ZDI: ZDI-18-997 // ZDI: ZDI-18-857 // ZDI: ZDI-18-817 // ZDI: ZDI-18-797 // ZDI: ZDI-18-840 // ZDI: ZDI-18-847 // ZDI: ZDI-18-860 // ZDI: ZDI-18-837 // ZDI: ZDI-18-827 // ZDI: ZDI-18-834 // ZDI: ZDI-18-850 // ZDI: ZDI-18-805 // ZDI: ZDI-18-828 // CNVD: CNVD-2018-14455 // IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1 // CNVD: CNVD-2018-14455

AFFECTED PRODUCTS

vendor: wecon, model: levistudiou, scope: -, version: -

Trust: 11.2

vendor: we con, model: levistudiou, scope: eq, version: 1.8.44

Trust: 1.6

vendor: we con, model: levistudiou, scope: eq, version: 1.8.29

Trust: 1.6

vendor: wecon, model: levistudiou, scope: eq, version: 1.8.29

Trust: 0.6

vendor: wecon, model: levistudiou, scope: eq, version: 1.8.44

Trust: 0.6

vendor: levistudiou, model: -, scope: eq, version: 1.8.29

Trust: 0.2

vendor: levistudiou, model: -, scope: eq, version: 1.8.44

Trust: 0.2

sources: IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1 // ZDI: ZDI-18-824 // ZDI: ZDI-18-828 // ZDI: ZDI-18-805 // ZDI: ZDI-18-850 // ZDI: ZDI-18-834 // ZDI: ZDI-18-827 // ZDI: ZDI-18-837 // ZDI: ZDI-18-860 // ZDI: ZDI-18-847 // ZDI: ZDI-18-840 // ZDI: ZDI-18-797 // ZDI: ZDI-18-817 // ZDI: ZDI-18-857 // ZDI: ZDI-18-997 // ZDI: ZDI-18-807 // ZDI: ZDI-18-870 // CNVD: CNVD-2018-14455 // CNNVD: CNNVD-201808-310 // NVD: CVE-2018-10602

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-10602
value: HIGH

Trust: 11.2

nvd@nist.gov: CVE-2018-10602
value: HIGH

Trust: 1.0

CNVD: CNVD-2018-14455
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201808-310
value: HIGH

Trust: 0.6

IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-10602
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 12.2

CNVD: CNVD-2018-14455
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-10602
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1 // ZDI: ZDI-18-824 // ZDI: ZDI-18-828 // ZDI: ZDI-18-805 // ZDI: ZDI-18-850 // ZDI: ZDI-18-834 // ZDI: ZDI-18-827 // ZDI: ZDI-18-837 // ZDI: ZDI-18-860 // ZDI: ZDI-18-847 // ZDI: ZDI-18-840 // ZDI: ZDI-18-797 // ZDI: ZDI-18-817 // ZDI: ZDI-18-857 // ZDI: ZDI-18-997 // ZDI: ZDI-18-807 // ZDI: ZDI-18-870 // CNVD: CNVD-2018-14455 // CNNVD: CNNVD-201808-310 // NVD: CVE-2018-10602

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2018-10602

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-310

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1 // CNNVD: CNNVD-201808-310

PATCH

title: Wecon has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.
03/07/18 - ZDI disclosed the report to ICS-CERT
03/12/18 - ICS-CERT assigned ICS‑VU‑031741 and notified ZDI
07/06/18 - ZDI inquired the status of ICS‑VU‑031741
07/09/18 - ICS-CERT replied that they would advise the vendor
07/19/18 - ZDI advised ICS-CERT of the intended 0-day date: 07/26/2018
-- Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03

Trust: 11.2

title: WECON (wei control) LeviStudioU stack heap buffer overflow vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/136079

Trust: 0.6

sources: ZDI: ZDI-18-824 // ZDI: ZDI-18-828 // ZDI: ZDI-18-805 // ZDI: ZDI-18-850 // ZDI: ZDI-18-834 // ZDI: ZDI-18-827 // ZDI: ZDI-18-837 // ZDI: ZDI-18-860 // ZDI: ZDI-18-847 // ZDI: ZDI-18-840 // ZDI: ZDI-18-797 // ZDI: ZDI-18-817 // ZDI: ZDI-18-857 // ZDI: ZDI-18-997 // ZDI: ZDI-18-807 // ZDI: ZDI-18-870 // CNVD: CNVD-2018-14455

EXTERNAL IDS

db: NVD, id: CVE-2018-10602

Trust: 13.6

db: ICS CERT, id: ICSA-18-212-03

Trust: 2.2

db: BID, id: 104935

Trust: 1.6

db: CNVD, id: CNVD-2018-14455

Trust: 0.8

db: CNNVD, id: CNNVD-201808-310

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-5905

Trust: 0.7

db: ZDI, id: ZDI-18-824

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5909

Trust: 0.7

db: ZDI, id: ZDI-18-828

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5870

Trust: 0.7

db: ZDI, id: ZDI-18-805

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5931

Trust: 0.7

db: ZDI, id: ZDI-18-850

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5915

Trust: 0.7

db: ZDI, id: ZDI-18-834

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5908

Trust: 0.7

db: ZDI, id: ZDI-18-827

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5918

Trust: 0.7

db: ZDI, id: ZDI-18-837

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5941

Trust: 0.7

db: ZDI, id: ZDI-18-860

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5928

Trust: 0.7

db: ZDI, id: ZDI-18-847

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5921

Trust: 0.7

db: ZDI, id: ZDI-18-840

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5801

Trust: 0.7

db: ZDI, id: ZDI-18-797

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5898

Trust: 0.7

db: ZDI, id: ZDI-18-817

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5938

Trust: 0.7

db: ZDI, id: ZDI-18-857

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-6067

Trust: 0.7

db: ZDI, id: ZDI-18-997

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5872

Trust: 0.7

db: ZDI, id: ZDI-18-807

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5970

Trust: 0.7

db: ZDI, id: ZDI-18-870

Trust: 0.7

db: IVD, id: E2F727B1-39AB-11E9-8FF0-000C29342CB1

Trust: 0.2

sources: IVD: e2f727b1-39ab-11e9-8ff0-000c29342cb1 // ZDI: ZDI-18-824 // ZDI: ZDI-18-828 // ZDI: ZDI-18-805 // ZDI: ZDI-18-850 // ZDI: ZDI-18-834 // ZDI: ZDI-18-827 // ZDI: ZDI-18-837 // ZDI: ZDI-18-860 // ZDI: ZDI-18-847 // ZDI: ZDI-18-840 // ZDI: ZDI-18-797 // ZDI: ZDI-18-817 // ZDI: ZDI-18-857 // ZDI: ZDI-18-997 // ZDI: ZDI-18-807 // ZDI: ZDI-18-870 // CNVD: CNVD-2018-14455 // CNNVD: CNNVD-201808-310 // NVD: CVE-2018-10602

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-212-03

Trust: 13.4

url:http://www.securityfocus.com/bid/104935

Trust: 1.6

sources: ZDI: ZDI-18-824 // ZDI: ZDI-18-828 // ZDI: ZDI-18-805 // ZDI: ZDI-18-850 // ZDI: ZDI-18-834 // ZDI: ZDI-18-827 // ZDI: ZDI-18-837 // ZDI: ZDI-18-860 // ZDI: ZDI-18-847 // ZDI: ZDI-18-840 // ZDI: ZDI-18-797 // ZDI: ZDI-18-817 // ZDI: ZDI-18-857 // ZDI: ZDI-18-997 // ZDI: ZDI-18-807 // ZDI: ZDI-18-870 // CNVD: CNVD-2018-14455 // CNNVD: CNNVD-201808-310 // NVD: CVE-2018-10602

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 10.5

sources: ZDI: ZDI-18-824 // ZDI: ZDI-18-828 // ZDI: ZDI-18-805 // ZDI: ZDI-18-850 // ZDI: ZDI-18-834 // ZDI: ZDI-18-827 // ZDI: ZDI-18-837 // ZDI: ZDI-18-860 // ZDI: ZDI-18-847 // ZDI: ZDI-18-840 // ZDI: ZDI-18-817 // ZDI: ZDI-18-857 // ZDI: ZDI-18-997 // ZDI: ZDI-18-807 // ZDI: ZDI-18-870

SOURCES

db: IVD, id: e2f727b1-39ab-11e9-8ff0-000c29342cb1
db: ZDI, id: ZDI-18-824
db: ZDI, id: ZDI-18-828
db: ZDI, id: ZDI-18-805
db: ZDI, id: ZDI-18-850
db: ZDI, id: ZDI-18-834
db: ZDI, id: ZDI-18-827
db: ZDI, id: ZDI-18-837
db: ZDI, id: ZDI-18-860
db: ZDI, id: ZDI-18-847
db: ZDI, id: ZDI-18-840
db: ZDI, id: ZDI-18-797
db: ZDI, id: ZDI-18-817
db: ZDI, id: ZDI-18-857
db: ZDI, id: ZDI-18-997
db: ZDI, id: ZDI-18-807
db: ZDI, id: ZDI-18-870
db: CNVD, id: CNVD-2018-14455
db: CNNVD, id: CNNVD-201808-310
db: NVD, id: CVE-2018-10602

LAST UPDATE DATE

2024-11-07T22:19:24.316000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-824, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-828, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-805, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-850, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-834, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-827, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-837, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-860, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-847, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-840, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-797, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-817, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-857, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-997, date: 2018-09-05T00:00:00
db: ZDI, id: ZDI-18-807, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-870, date: 2018-08-02T00:00:00
db: CNVD, id: CNVD-2018-14455, date: 2018-08-02T00:00:00
db: CNNVD, id: CNNVD-201808-310, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-10602, date: 2020-08-28T13:57:20.203

SOURCES RELEASE DATE

db: IVD, id: e2f727b1-39ab-11e9-8ff0-000c29342cb1, date: 2018-08-02T00:00:00
db: ZDI, id: ZDI-18-824, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-828, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-805, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-850, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-834, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-827, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-837, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-860, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-847, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-840, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-797, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-817, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-857, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-997, date: 2018-09-05T00:00:00
db: ZDI, id: ZDI-18-807, date: 2018-07-26T00:00:00
db: ZDI, id: ZDI-18-870, date: 2018-07-26T00:00:00
db: CNVD, id: CNVD-2018-14455, date: 2018-08-02T00:00:00
db: CNNVD, id: CNNVD-201808-310, date: 2018-08-13T00:00:00
db: NVD, id: CVE-2018-10602, date: 2018-09-26T18:29:00.323