CVE-2017-6023

Fatek Automation PLC Ethernet Module Configuration Tool Stack-based Buffer Overflow Remote Code Execution Vulnerability

  • Severity Score: 9.8 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PLC Ethernet Module Configuration Tool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within ether_cfg.exe. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.

*Credits: Anonymous
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Complete

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-02-16 CVE Reserved
  • 2017-03-16 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-11-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-121: Stack-based Buffer Overflow
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Fatek | Ethernet Module Configuration Tool Cbe Firmware | <= 3.5 | - | Affected
in Fatek | Plc Ethernet Module | - | - | Safe
Fatek | Ethernet Module Configuration Tool Cbeh Firmware | <= 3.5 | - | Affected
in Fatek | Plc Ethernet Module | - | - | Safe
Fatek | Ethernet Module Configuration Tool Cm25e Firmware | <= 3.5 | - | Affected
in Fatek | Plc Ethernet Module | - | - | Safe
Fatek | Ethernet Module Configuration Tool Cm55e Firmware | <= 3.5 | - | Affected
in Fatek | Plc Ethernet Module | - | - | Safe