First published: Mon Dec 13 2021(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Alarm tags within UMP files. When parsing the bitaddr attribute, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
We-con Levistudiou | <=2019-09-21 | |
WECON LeviStudioU | ||
WECON Technology Co., Ltd (WECON) LeviStudioU: Versions 2019-09-21 and prior | ||
<=2019-09-21 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43983 has a severity rating that indicates a high risk due to its potential for remote code execution.
To fix CVE-2021-43983, ensure to update WECON LeviStudioU to a version released after September 21, 2019.
CVE-2021-43983 affects installations of WECON LeviStudioU prior to version 2019-09-21.
CVE-2021-43983 is a remote code execution vulnerability that requires user interaction to exploit.
For CVE-2021-43983 to be exploited, the target user must visit a malicious webpage or open a malicious file.