SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-524245783] Fatek Automation PLC Ethernet Module

Date: 2017-03-14
Type: Other
Platform: Fatek
Author: An anonymous researcher working with Trend Micro's Zero Day Initiative identified this vulnerability.
EDB-ID: N/A
CVE-ID: CVE-2017-6023
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source
#
# Fatek Automation PLC Ethernet Module
#


### VULNERABLE VENDOR
Fatek


### VULNERABLE PRODUCT
PLC Ethernet Module



### RESEARCHER
An anonymous researcher working with Trend Micro's Zero Day Initiative identified this vulnerability.



### AFFECTED PRODUCTS

The affected Ether_cfg software configuration tool runs on the following Fatek PLCs:

CBEH versions prior to V3.6 Build 170215,
CBE versions prior to V3.6 Build 170215,
CM55E versions prior to V3.6 Build 170215, and
CM25E versions prior to V3.6 Build 170215.



### IMPACT

Successful exploitation of this vulnerability could allow a remote attacker to crash the affected device or allow remote code execution.



### VULNERABILITY OVERVIEW

STACK-BASED BUFFER OVERFLOW CWE-121
A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.
CVE-2017-6023 has been assigned to this vulnerability.
A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).





### BACKGROUND

Critical Infrastructure Sector(s): Commercial Facilities, Critical Manufacturing
Countries/Areas Deployed: Asia and Europe
Company Headquarters Location: Taiwan




### MITIGATION

Fatek has created a new version of the "ether_cfg software tool" to mitigate this vulnerability. This file is available to download at:

http://www.fatek.com/en/technical.php?act=software&catId=12


For more information about this vulnerability and how to mitigate it, please see the Fatek EtherConfig release note on the Fatek technical support web page:

http://www.fatek.com/en/technical.php?act=software&catId=1