彙總 we-con 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 緩衝區溢位、記憶體損壞與XXE 相關,可能在 軟體部署與生產負載 場景中帶來 記憶體損壞與應用程式崩潰 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-23157 | WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | [email protected] | 7.8 | 8.23% | 2022-01-14 | 2026-06-16 |
| CVE-2021-23138 | WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | [email protected] | 7.8 | 9.29% | 2022-01-14 | 2026-06-16 |
| CVE-2021-43983 | WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code. | [email protected] | 7.8 | 2.74% | 2021-12-13 | 2026-06-17 |
| CVE-2021-42707 | PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | [email protected] | 7.8 | 0.91% | 2021-11-22 | 2026-06-17 |
| CVE-2021-42705 | PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | [email protected] | 7.8 | 0.97% | 2021-11-22 | 2026-06-17 |
| CVE-2020-16243 | Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | [email protected] | 7.8 | 12.01% | 2021-02-23 | 2026-06-16 |
| CVE-2020-25199 | A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | [email protected] | 7.8 | 1.24% | 2020-12-09 | 2026-06-16 |
| CVE-2020-25181 | WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. | [email protected] | 8.8 | 1.97% | 2020-12-01 | 2026-06-16 |
| CVE-2020-25177 | WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. | [email protected] | 8.8 | 1.75% | 2020-12-01 | 2026-06-16 |
| CVE-2020-25186 | An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. | [email protected] | 7.5 | 1.14% | 2020-10-22 | 2026-06-16 |
| CVE-2019-18236 | Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | [email protected] | 7.8 | 2.79% | 2019-12-23 | 2026-06-16 |
| CVE-2018-14814 | WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object. | [email protected] | 6.5 | 1.47% | 2019-03-27 | 2026-06-16 |
| CVE-2019-6541 | A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | [email protected] | 7.8 | 1.59% | 2019-02-12 | 2026-06-16 |
| CVE-2019-6539 | Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | [email protected] | 7.8 | 2.11% | 2019-02-12 | 2026-06-16 |
| CVE-2019-6537 | Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these | [email protected] | 7.8 | 1.90% | 2019-02-12 | 2026-06-16 |
| CVE-2018-10614 | An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. | [email protected] | 8.8 | 1.06% | 2018-10-09 | 2026-06-16 |
| CVE-2018-10610 | An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files. | [email protected] | 8.8 | 1.12% | 2018-10-09 | 2026-06-16 |
| CVE-2018-17889 | In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure. | [email protected] | 5.3 | 1.25% | 2018-10-08 | 2026-06-16 |
| CVE-2018-14818 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. | [email protected] | 9.8 | 3.49% | 2018-10-08 | 2026-06-16 |
| CVE-2018-14810 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator. | [email protected] | 8.8 | 1.70% | 2018-10-08 | 2026-06-16 |