WECON Technology Alert
1667Warning Date
Severity Level
Warning Number
Target Sector
3 November, 2021
● High
2021-3788
Energy - Water and Utilities - Manufacturing
Description:
WECON Technology has released a security alert to address multiple vulnerabilities in the following product:
- PI Studio
- PI Studio HMI:
- Versions 4.1.9 and prior
- PI Studio:
- Versions 4.2.125 and prior
- PI Studio HMI:
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Information Exposure
- Code execution
- Buffer Overflow
Best practice and Recommendations:
The CERT team encourages users to apply best practices until WECON Technology release the required update:
- Minimizing network exposure for all control system devices and/or systems
- Locating control system networks and devices behind firewalls and isolating them from the enterprise/business network
- When remote access is required, use secure methods such as virtual private networks (VPNs)