EZAutomation EZ PLC Editor (ICSA-19-246-02)

The NCCIC has published an advisory on an improper restriction of operations within the bounds of a memory buffer vulnerability in EZAutomation EZ PLC Editor. Versions 1.8.41 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. EZAutomation recommends users update to Version 1.9.0 or later and, to further reduce the risk, to use project files from known sources. The NCCIC also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.