Lucene search

[email protected]CVE-2017-6023

HistoryMar 16, 2017 - 4:59 a.m.

CVE-2017-6023

2017-03-1604:59:00

CWE-119

CWE-121

[email protected]

web.nvd.nist.gov

cve-2017-6023

fatek automation

plc

ethernet module

buffer overflow

vulnerability

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

0.028 Low

EPSS

Percentile

90.7%

JSON

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.

Affected configurations

NVD

Node

fatekplc_ethernet_moduleMatch-

AND

fatekethernet_module_configuration_tool_cbe_firmwareRange≤3.5

fatekethernet_module_configuration_tool_cbeh_firmwareRange≤3.5

fatekethernet_module_configuration_tool_cm25e_firmwareRange≤3.5

fatekethernet_module_configuration_tool_cm55e_firmwareRange≤3.5

CPENameOperatorVersion
fatek:ethernet_module_configuration_tool_cbe_firmwarefatek ethernet module configuration tool cbe firmwarele3.5
fatek:ethernet_module_configuration_tool_cbeh_firmwarefatek ethernet module configuration tool cbeh firmwarele3.5
fatek:ethernet_module_configuration_tool_cm25e_firmwarefatek ethernet module configuration tool cm25e firmwarele3.5
fatek:ethernet_module_configuration_tool_cm55e_firmwarefatek ethernet module configuration tool cm55e firmwarele3.5

CPE	Name	Operator	Version
fatek:ethernet_module_configuration_tool_cbe_firmware	fatek ethernet module configuration tool cbe firmware	le	3.5
fatek:ethernet_module_configuration_tool_cbeh_firmware	fatek ethernet module configuration tool cbeh firmware	le	3.5
fatek:ethernet_module_configuration_tool_cm25e_firmware	fatek ethernet module configuration tool cm25e firmware	le	3.5
fatek:ethernet_module_configuration_tool_cm55e_firmware	fatek ethernet module configuration tool cm55e firmware	le	3.5

CNA Affected

[
  {
    "product": "Fatek Automation PLC Ethernet Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fatek Automation PLC Ethernet Module"
      }
    ]
  }
]

References

www.securityfocus.com/bid/96892

ics-cert.us-cert.gov/advisories/ICSA-17-073-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for CVE-2017-6023

nvd1 cvelist1 ics1 prion1 zdi1