Intrusion Prevention



This indicates an attack attempt against a Stack Buffer Overflow vulnerability in WECON PIStudio.
The vulnerability is due to an error when the vulnerable software handles a crafted PIStudio HSC screen configuration file. A remote attacker can trick an unsuspecting user to open a screen configuration file and exploit this to execute arbitrary code under the security context of the user.

Affected Products

Wecon PI Studio HMI Project Programmer 4.1.9 and prior
Wecon PIStudio 4.2.34 and prior


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

The vendor has not released an advisory or a patch to address the vulnerability at this time.

Other References

ICSA-18-277-01 ZDI-18-1109