{"containers": {"cna": {"affected": [{"product": "WECON LeviStudioU", "vendor": "ICS-CERT", "versions": [{"status": "affected", "version": "LeviStudioU Versions 1.8.56 and prior"}]}], "datePublic": "2019-02-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "Stack-based buffer overflow CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-02-13T10:57:01.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "106861", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106861"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2019-02-05T00:00:00", "ID": "CVE-2019-6537", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WECON LeviStudioU", "version": {"version_data": [{"version_value": "LeviStudioU Versions 1.8.56 and prior"}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stack-based buffer overflow CWE-121"}]}]}, "references": {"reference_data": [{"name": "106861", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106861"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:21.496Z"}, "title": "CVE Program Container", "references": [{"name": "106861", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106861"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6537", "datePublished": "2019-02-13T00:00:00.000Z", "dateReserved": "2019-01-22T00:00:00.000Z", "dateUpdated": "2024-09-16T23:46:28.780Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:we-con:levistudiou:*:*:*:*:*:*:*:*", "matchCriteriaId": "42A79D71-9BF0-4D3E-B8FC-B92DF51590F3", "versionEndIncluding": "1.8.56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC."}, {"lang": "es", "value": "Podr\u00edan explotarse m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer basado en pila en WECON LeviStudioU, en versiones 1.8.56 y anteriores, al analizar cadenas en archivos de proyecto. El proceso no valida correctamente la longitud de los datos proporcionados por el usuario antes de copiarlos en un b\u00fafer basado en pila con un tama\u00f1o determinado. Un atacante podr\u00eda aprovecharse de estas vulnerabilidades para ejecutar c\u00f3digo en el contexto del actual proceso. Mat Powell, Ziad Badawi y Natnael Samson, que trabajan en la \"Zero Day Initiative\" de Trend Micro, reportaron estas vulnerabilidades al NCCIC."}], "id": "CVE-2019-6537", "lastModified": "2024-11-21T04:46:39.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-13T00:29:00.657", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106861"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}