CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2017-6023 – Fatek Automation PLC Ethernet Module Configuration Tool Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6023
An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. Se ha descubierto un problema en Fatek Automation PLC Ethernet Module. Las herramientas de configuración del software Ether_cfg afectado en las siguientes versiones de Fatek PLCs: CBEH anteriores a V3.6 Build 170215, CBE versiones anteriores a V3.6 Build 170215, CM55E versiones anteriores a V3.6 Build 170215 y CM25E versiones anteriores a V3.6 Build 170215. • http://www.securityfocus.com/bid/96892 https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.0EPSS: 6%CPEs: 2EXPL: 1CVE-2016-8377 – Fatek Automation PLC WinProladder Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8377
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. Ha sido descubierto un problema en Fatek Automation PLC WinProladder Version 3.11 Build 14701. Una vulnerabilidad de desbordamiento de búfer basado en pila existe cuando la aplicación de software se conecta a un servidor malicioso, resultando en un desbordamiento de búfer en pila. • https://www.exploit-db.com/exploits/42700 http://www.securityfocus.com/bid/94938 https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5796 – Fatek Automation Communication Server Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5796
An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer. Ha sido descubierto un problema en Fatek Automation PM Designer V3 Versión 2.1.2.2 y Automation FV Designer Versión 1.2.8.0. El envío de paquetes válidos adicionales podría permitir al atacante provocar un bloqueo o ejecutar código arbitrario, debido a la restricción inadecuada de operaciones dentro de los límites de un búfer de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation Communication Server. • http://www.securityfocus.com/bid/93105 https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2016-5798 – Fatek Automation FvDesigner Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5798
An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. Ha sido descubierto un problema en Fatek Automation PM Designer V3 Versión 2.1.2.2 y Automation FV Designer Versión 1.2.8.0. Enviando paquetes adicionales válidos, un atacante podría desencadenar un desbordamiento de búfer basado en pila y provocar una caída. • http://www.securityfocus.com/bid/93105 https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •