SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-274739396] Fatek Automation Designer Memory Corruption Vulnerabilities

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2016-10-13 | HMI Software | Fatek Automation PM Designer, Automation FV Designer | Ariele Caltabiano (kimiya) | N/A | CVE-2016-5796, CVE-2016-5798, CVE-2016-5799 | N/A | N/A | N/A |

Source

#
# Fatek Automation Designer Memory Corruption Vulnerabilities
#


### OVERVIEW

Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day Initiative (ZDI) has identified a heap memory corruption and two stack buffer overflow vulnerabilities in Fatek's Automation PM and FV Designer applications. Fatek has not produced an update to mitigate these vulnerabilities. ZDI has coordinated with NCCIC/ICS-CERT. ZDI has published the PM Designer vulnerability.

These vulnerabilities could be exploited remotely.




### AFFECTED PRODUCTS

The following Fatek products are affected:

Automation PM Designer V3 Version 2.1.2.2, and
Automation FV Designer Version 1.2.8.0





### IMPACT

Successful exploitation of the reported vulnerabilities may allow an attacker to perform a number of malicious actions including denial of service and arbitrary code execution.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.






### BACKGROUND

Fatek is a Taiwan-based company that maintains distribution offices in several countries around the world, including the US, UK, Netherlands, Italy, India, Germany, France, Czech Republic, China, and Australia.

The affected products, Automation PM Designer and Automation FV Designer, are HMI programming software. According to Fatek, these products are deployed across several sectors including Commercial Facilities and Critical Manufacturing. Fatek estimates that these products are used primarily in Europe and Asia.





### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW


IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER

Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code.
CVE-2016-5796 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).


STACK-BASED BUFFER OVERFLOW

By sending additional valid packets, an attacker could trigger an overflow and cause a crash.
CVE-2016-5798 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).


BUFFER OVERFLOW

A malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server.
CVE-2016-5799 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).






### VULNERABILITY DETAILS


# EXPLOITABILITY

These vulnerabilities could be exploited remotely.


# EXISTENCE OF EXPLOIT

No known public exploits specifically target these vulnerabilities.


# DIFFICULTY

An attacker with low skill would be able to exploit these vulnerabilities.





### MITIGATION

Fatek has not responded to requests to work with ICS-CERT to mitigate these vulnerabilities.
ZDI has published the PM Designer vulnerability. It is available at:

http://www.zerodayinitiative.com/advisories/ZDI-16-525/