CVE-2017-6023
16.03.2017, 04:59
An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fatek | ethernet_module_configuration_tool_cbe_firmware | 𝑥 ≤ 3.5 |
| fatek | ethernet_module_configuration_tool_cbeh_firmware | 𝑥 ≤ 3.5 |
| fatek | ethernet_module_configuration_tool_cm25e_firmware | 𝑥 ≤ 3.5 |
| fatek | ethernet_module_configuration_tool_cm55e_firmware | 𝑥 ≤ 3.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.