SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-704018667] VIPA Controls WinPLC7

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-02-23OtherVIPA ControlsAriele Caltabiano (kimiya) working with Trend Micros Zero Day Initiative reported this vulnerability. N/ACVE-2017-5177 N/AN/AN/A

Source

						
							
								
#
# VIPA Controls WinPLC7
#


### VULNERABLE VENDOR
VIPA Controls


### VULNERABLE PRODUCT
WinPLC7



### RESEARCHER
Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day Initiative reported this vulnerability.



### AFFECTED PRODUCTS

The following versions of WinPLC7, a PLC programming software, are affected:

WinPLC Versions 5.0.45.5921 and prior.



### IMPACT

Successful exploitation of this vulnerability could cause the software that the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.



### VULNERABILITY OVERVIEW

STACK-BASED BUFFER OVERFLOW CWE-121
A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer.
This could allow remote code execution.
CVE-2017-5177 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)





### BACKGROUND

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing
Countries/Areas Deployed: Africa, Americas, Asia, Australia, Europe, Middle East
Company Headquarters Location: Herzogenaurach, Germany




### MITIGATION

VIPA Controls recommends users install the patch located here:

https://we.tl/LXp2TOic2T