CVE-2017-6023 – Fatek Automation PLC Ethernet Module Configuration Tool Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-6023

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. Se ha descubierto un problema en Fatek Automation PLC Ethernet Module. Las herramientas de configuración del software Ether_cfg afectado en las siguientes versiones de Fatek PLCs: CBEH anteriores a V3.6 Build 170215, CBE versiones anteriores a V3.6 Build 170215, CM55E versiones anteriores a V3.6 Build 170215 y CM25E versiones anteriores a V3.6 Build 170215. • http://www.securityfocus.com/bid/96892 https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •