CVE-2017-6023 - OpenCVE

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:N/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fatek	Ethernet Module Configuration Tool Cbe Firmware Ethernet Module Configuration Tool Cbeh Firmware Ethernet Module Configuration Tool Cm25e Firmware Ethernet Module Configuration Tool Cm55e Firmware Plc Ethernet Module

Configuration 1 [-]

AND

cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware::::::::
	cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware::::::::
	cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware::::::::
	cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96892
https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-03-16T03:49:00

Updated: 2024-08-05T15:18:49.609Z

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6023

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-03-16T04:59:00.153

Modified: 2021-10-28T11:54:47.673

Link: CVE-2017-6023

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fatek Automation PLC Ethernet Module", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fatek Automation PLC Ethernet Module"}]}], "datePublic": "2017-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-03-16T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "96892", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96892"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-6023", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fatek Automation PLC Ethernet Module", "version": {"version_data": [{"version_value": "Fatek Automation PLC Ethernet Module"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121"}]}]}, "references": {"reference_data": [{"name": "96892", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96892"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.609Z"}, "title": "CVE Program Container", "references": [{"name": "96892", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96892"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6023", "datePublished": "2017-03-16T03:49:00", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2024-08-05T15:18:49.609Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "86322EB5-ED30-4FC3-9810-CC11F38246A8", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5962575-2692-4BE9-A2ED-0876266FE32D", "versionEndIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0EF5A0F-70CF-45DA-9059-71897B80CA67", "versionEndIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E315B2C5-B4F7-4E40-BB34-8DF025DA6E21", "versionEndIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0F51CA0-E22C-4200-96A5-E726766F9072", "versionEndIncluding": "3.5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."}, {"lang": "es", "value": "Se ha descubierto un problema en Fatek Automation PLC Ethernet Module. Las herramientas de configuraci\u00f3n del software Ether_cfg afectado en las siguientes versiones de Fatek PLCs: CBEH anteriores a V3.6 Build 170215, CBE versiones anteriores a V3.6 Build 170215, CM55E versiones anteriores a V3.6 Build 170215 y CM25E versiones anteriores a V3.6 Build 170215. Se ha identificado un desbordamiento de b\u00fafer basado en pila, lo que podr\u00eda permitir ejecuci\u00f3n remota de c\u00f3digo o ca\u00edda del dispositivo afectado."}], "id": "CVE-2017-6023", "lastModified": "2021-10-28T11:54:47.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-16T04:59:00.153", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securityfocus.com/bid/96892"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}