WECON specializes in human-machine interfaces (HMIs), programmable logic controllers (PLCs), and industrial PCs. The company’s products are used all around the world, particularly in the critical manufacturing, energy, and water and wastewater sectors.
The bad news is that a significant number of vulnerabilities have been found in WECON’s products and, what is more, the vendor has been slow in releasing patches.
Remember, everything can be hacked. To stay away from cyber threats, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
A recent cybersecurity report reveals that several vulnerabilities were discovered in WECON’s PI Studio HMI software:
– a critical stack-based buffer overflow that allows remote code execution
– a high severity out-of-bounds write bug that also allows code execution
– two medium severity information disclosure flaws.
WECON has confirmed the vulnerabilities, but it has yet to release any patches.
This isn’t the first time WECON products have been affected by flaws; past issues include a medium severity flaw in the company’s PLC Editor ladder logic software and several high and medium severity bugs in LeviStudio applications.
A majority of the security holes allow remote code execution, but since they are related to how the affected applications handle certain file types, the hacker would need to convince the targeted user to open a specially crafted file in order to trigger the exploit.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; such tests include penetration testing and ethical hacking.