First published: Wed Feb 13 2019
Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson, working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
We-con Levistudiou | <=1.8.56 | |
The vulnerability ID for this vulnerability is CVE-2019-6537.
The severity of CVE-2019-6537 is high.
The affected software for CVE-2019-6537 is WECON LeviStudioU version 1.8.56 and prior.
CVE-2019-6537 can be exploited when the application parses strings within a project file: user-supplied data is copied to a fixed-length stack-based buffer without its length being properly validated first.
References for CVE-2019-6537: [http://www.securityfocus.com/bid/106861](http://www.securityfocus.com/bid/106861) and [https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03](https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03).