SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-506753414] Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2016-12-15 | PLC | Fatek | Trend Micro Zero Day Initiative (ZDI) | N/A | CVE-2016-8377 | N/A | N/A | N/A |

Source

						
							
								
#
# Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability
#


### OVERVIEW

A researcher working with Trend Micro Zero Day Initiative (ZDI) has identified a stack-based buffer overflow vulnerability in Fatek Automation's PLC WinProladder application. Fatek Automation (Fatek) has not produced an update to mitigate this vulnerability. ZDI has coordinated with NCCIC/ICS-CERT. ZDI will publish the PLC WinProladder vulnerability.
This vulnerability could be exploited remotely.



### AFFECTED PRODUCTS

The following PLC WinProladder version is affected:
PLC WinProladder Version 3.11 Build 14701



### IMPACT

Successful exploitation of the reported vulnerability may allow an attacker to perform a number of malicious actions including arbitrary code execution.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.



### BACKGROUND

Fatek is a Taiwan-based company that maintains distribution offices in several countries around the world.
The affected product, PLC WinProladder, is a PLC programming software. According to Fatek, this product is deployed across several sectors including Commercial Facilities and Critical Manufacturing. Fatek estimates that this product is used primarily in Europe and Asia.



### VULNERABILITY CHARACTERIZATION

# VULNERABILITY OVERVIEW

STACK-BASED BUFFER OVERFLOW
A stack-based buffer overflow occurs when the software application connects to a malicious server. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution.
CVE-2016-8377 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).




### VULNERABILITY DETAILS

# EXPLOITABILITY

This vulnerability could be exploited remotely.



# EXISTENCE OF EXPLOIT

No known public exploits specifically target this vulnerability.



# DIFFICULTY

An attacker with low skill would be able to exploit this vulnerability.



### MITIGATION

Fatek has not responded to requests to work with