6 matches found
CVE-2021-42705
CVE-2021-42705 affects WECON PLC Editor (Versions 1.3.8 and earlier). The vulnerability is a stack-based buffer overflow occurring while processing WCP/project files, leading to arbitrary code execution in the context of the affected process. Public sources (ZDI/CISA ICS advisory) describe the fl...
CVE-2021-42707
PLC Editor (WECON) versions 1.3.8 and earlier are affected by an out-of-bounds write in the WCP/project-file parsing flow (CWE-787), which may allow arbitrary code execution. Several sources describe this as memory corruption during WCP file parsing; some references note remote-code-execution pot...
CVE-2019-18236
CVE-2019-18236 affects WECON PLC Editor (Version 1.3.5_20190129). The vulnerability is a stack-based buffer overflow in the PLC Editor when processing project files (notably WCP data elements such as PortPath/Port), caused by handling of fixed-length buffers. Successful exploitation could allow c...
CVE-2020-25181
Affected product: WECON PLC Editor (Versions 1.3.8 and prior). CVE-2020-25181 is a heap-based buffer overflow in the WCP file parsing path that may lead to arbitrary code execution. ZDI advisories describe remote code execution requiring user interaction (visit a malicious page or open a maliciou...
CVE-2018-14792
Affected product: WECON PLC Editor (version 1.3.3U). The CVE-2018-14792 entry describes a stack-based buffer overflow when processing project files, potentially allowing code execution within the current process. Details from connected sources identify the vulnerability as CWE-121 with a CVSS v3 ...
CVE-2020-25177
CVE-2020-25177 affects WECON PLC Editor Versions 1.3.8 and prior. The vulnerability is a stack-based buffer overflow in WCP file parsing that may allow arbitrary code execution. ZDI describes it as remote code execution requiring user interaction via malicious WCP content, due to inadequate lengt...