Vulnerability-Lookup

CVE-2017-6023 (GCVE-0-2017-6023)

Vulnerability from cvelistv5 – Published: 2017-03-16 03:49 – Updated: 2024-08-05 15:18

Summary

Severity

No CVSS data available.

CWE

CWE-121

Assigner

icscert

References

2 references

URL	Tags
http://www.securityfocus.com/bid/96892	vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Fatek Automation PLC Ethernet Module	Affected: Fatek Automation PLC Ethernet Module

Date Public

2017-03-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96892",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96892"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fatek Automation PLC Ethernet Module",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fatek Automation PLC Ethernet Module"
            }
          ]
        }
      ],
      "datePublic": "2017-03-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-16T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "96892",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96892"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fatek Automation PLC Ethernet Module",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fatek Automation PLC Ethernet Module"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96892",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96892"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6023",
    "datePublished": "2017-03-16T03:49:00.000Z",
    "dateReserved": "2017-02-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T15:18:49.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-6023",
      "date": "2026-05-27",
      "epss": "0.03955",
      "percentile": "0.88519"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.5\", \"matchCriteriaId\": \"B5962575-2692-4BE9-A2ED-0876266FE32D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.5\", \"matchCriteriaId\": \"B0EF5A0F-70CF-45DA-9059-71897B80CA67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.5\", \"matchCriteriaId\": \"E315B2C5-B4F7-4E40-BB34-8DF025DA6E21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.5\", \"matchCriteriaId\": \"D0F51CA0-E22C-4200-96A5-E726766F9072\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86322EB5-ED30-4FC3-9810-CC11F38246A8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en Fatek Automation PLC Ethernet Module. Las herramientas de configuraci\\u00f3n del software Ether_cfg afectado en las siguientes versiones de Fatek PLCs: CBEH anteriores a V3.6 Build 170215, CBE versiones anteriores a V3.6 Build 170215, CM55E versiones anteriores a V3.6 Build 170215 y CM25E versiones anteriores a V3.6 Build 170215. Se ha identificado un desbordamiento de b\\u00fafer basado en pila, lo que podr\\u00eda permitir ejecuci\\u00f3n remota de c\\u00f3digo o ca\\u00edda del dispositivo afectado.\"}]",
      "id": "CVE-2017-6023",
      "lastModified": "2024-11-21T03:28:55.470",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-03-16T04:59:00.153",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/96892\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/96892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6023\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-03-16T04:59:00.153\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en Fatek Automation PLC Ethernet Module. Las herramientas de configuraci\u00f3n del software Ether_cfg afectado en las siguientes versiones de Fatek PLCs: CBEH anteriores a V3.6 Build 170215, CBE versiones anteriores a V3.6 Build 170215, CM55E versiones anteriores a V3.6 Build 170215 y CM25E versiones anteriores a V3.6 Build 170215. Se ha identificado un desbordamiento de b\u00fafer basado en pila, lo que podr\u00eda permitir ejecuci\u00f3n remota de c\u00f3digo o ca\u00edda del dispositivo afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.5\",\"matchCriteriaId\":\"B5962575-2692-4BE9-A2ED-0876266FE32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.5\",\"matchCriteriaId\":\"B0EF5A0F-70CF-45DA-9059-71897B80CA67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.5\",\"matchCriteriaId\":\"E315B2C5-B4F7-4E40-BB34-8DF025DA6E21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.5\",\"matchCriteriaId\":\"D0F51CA0-E22C-4200-96A5-E726766F9072\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86322EB5-ED30-4FC3-9810-CC11F38246A8\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96892\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/96892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CNVD-2017-05066

Vulnerability from cnvd - Published: 2017-04-14

Title

Fatek Automation PLC Ethernet Module堆栈缓冲区溢出漏洞

Description

Fatek Automation PLC是永宏（Fatek Automation）公司研发的一款控制器。 Fatek Automation PLC Ethernet Module存在基于堆栈的缓冲区溢出漏洞。远程攻击者可利用此漏洞在受影响应用程序的上下文中执行任意代码，还可导致拒绝服务。

Severity

高

Patch Name

Fatek Automation PLC Ethernet Module堆栈缓冲区溢出漏洞的补丁

Patch Description

Fatek Automation PLC是永宏（Fatek Automation）公司研发的一款控制器。 Fatek Automation PLC Ethernet Module存在基于堆栈的缓冲区溢出漏洞。远程攻击者可利用此漏洞在受影响应用程序的上下文中执行任意代码，还可导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01

Reference

http://www.securityfocus.com/bid/96892

Impacted products

Name
['Fatek Automation PLC Ethernet Module CM55E 0', 'Fatek Automation PLC Ethernet Module CBE 0', 'Fatek Automation PLC Ethernet Module CBEH 0', 'Fatek Automation PLC Ethernet Module CM25E 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96892"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6023",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6023"
    }
  },
  "description": "Fatek Automation PLC\u662f\u6c38\u5b8f\uff08Fatek Automation\uff09\u516c\u53f8\u7814\u53d1\u7684\u4e00\u6b3e\u63a7\u5236\u5668\u3002\r\n\r\nFatek Automation PLC Ethernet Module\u5b58\u5728\u57fa\u4e8e\u5806\u6808\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8fd8\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "An anonymous researcher working with Trend Micro\u0027s Zero Day Initiative",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-073-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05066",
  "openTime": "2017-04-14",
  "patchDescription": "Fatek Automation PLC\u662f\u6c38\u5b8f\uff08Fatek Automation\uff09\u516c\u53f8\u7814\u53d1\u7684\u4e00\u6b3e\u63a7\u5236\u5668\u3002\r\n\r\nFatek Automation PLC Ethernet Module\u5b58\u5728\u57fa\u4e8e\u5806\u6808\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8fd8\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fatek Automation PLC Ethernet Module\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fatek Automation PLC Ethernet Module CM55E 0",
      "Fatek Automation PLC Ethernet Module CBE 0",
      "Fatek Automation PLC Ethernet Module CBEH 0",
      "Fatek Automation PLC Ethernet Module CM25E 0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/96892",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-27",
  "title": "Fatek Automation PLC Ethernet Module\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2017-6023

Vulnerability from fkie_nvd - Published: 2017-03-16 04:59 - Updated: 2026-05-13 00:24

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/96892	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96892	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
fatek	ethernet_module_configuration_tool_cbe_firmware	*
fatek	ethernet_module_configuration_tool_cbeh_firmware	*
fatek	ethernet_module_configuration_tool_cm25e_firmware	*
fatek	ethernet_module_configuration_tool_cm55e_firmware	*
fatek	plc_ethernet_module	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5962575-2692-4BE9-A2ED-0876266FE32D",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EF5A0F-70CF-45DA-9059-71897B80CA67",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E315B2C5-B4F7-4E40-BB34-8DF025DA6E21",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F51CA0-E22C-4200-96A5-E726766F9072",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86322EB5-ED30-4FC3-9810-CC11F38246A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Fatek Automation PLC Ethernet Module. Las herramientas de configuraci\u00f3n del software Ether_cfg afectado en las siguientes versiones de Fatek PLCs: CBEH anteriores a V3.6 Build 170215, CBE versiones anteriores a V3.6 Build 170215, CM55E versiones anteriores a V3.6 Build 170215 y CM25E versiones anteriores a V3.6 Build 170215. Se ha identificado un desbordamiento de b\u00fafer basado en pila, lo que podr\u00eda permitir ejecuci\u00f3n remota de c\u00f3digo o ca\u00edda del dispositivo afectado."
    }
  ],
  "id": "CVE-2017-6023",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-16T04:59:00.153",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96892"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JWFC-GWH4-6QMP

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-16T04:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.",
  "id": "GHSA-jwfc-gwh4-6qmp",
  "modified": "2022-05-13T01:05:26Z",
  "published": "2022-05-13T01:05:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6023"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96892"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-6023

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6023

Aliases

CVE-2017-6023

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6023",
    "description": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.",
    "id": "GSD-2017-6023"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6023"
      ],
      "details": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.",
      "id": "GSD-2017-6023",
      "modified": "2023-12-13T01:21:09.537733Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6023",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fatek Automation PLC Ethernet Module",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Fatek Automation PLC Ethernet Module"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-121"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "96892",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96892"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6023"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
            },
            {
              "name": "96892",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/96892"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 8.5,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-10-28T11:54Z",
      "publishedDate": "2017-03-16T04:59Z"
    }
  }
}

ICSA-17-073-01

Vulnerability from csaf_cisa - Published: 2017-03-14 00:00 - Updated: 2017-03-14 00:00

Summary

FATEK Automation PLC Ethernet Module

Notes

CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: ATTENTION: Remotely exploitable. Low skill level to exploit.

Countries/areas deployed: Asia and Europe

Company headquarters location: Taiwan

Recommended Practices: NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices: ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices: Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability: No known public exploits specifically target this vulnerability.

CVE-2017-6023

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 4 products

Product	Version	Remediation
CBEH: versions prior to V3.6 Build 170215 FATEK Automation / CBEH	< 3.6 Build 170215	Mitigation fix Mitigation fix
CM25E: versions prior to V3.6 Build 170215 FATEK Automation / CM25E	< 3.6 Build 170215	Mitigation fix Mitigation fix
CBE: versions prior to V3.6 Build 170215 FATEK Automation / CBE	< 3.6 Build 170215	Mitigation fix Mitigation fix
CM55E: versions prior to V3.6 Build 170215 FATEK Automation / CM55E	< 3.6 Build 170215	Mitigation fix Mitigation fix

References

5 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/news-events/ics-advisories/i…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external

Acknowledgments

Trend Micro's Zero Day Initiative an anonymous party

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "an anonymous party"
        ],
        "organization": "Trend Micro\u0027s Zero Day Initiative",
        "summary": "identifying this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable. Low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Asia and Europe",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-073-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-073-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-073-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-073-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-073-01"
      }
    ],
    "title": "FATEK Automation PLC Ethernet Module",
    "tracking": {
      "current_release_date": "2017-03-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-073-01",
      "initial_release_date": "2017-03-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-14T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-073-01 Fatek Automation PLC Ethernet Module"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CBEH: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CBEH"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CM25E: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CM25E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CBE: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CBE"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CM55E: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CM55E"
          }
        ],
        "category": "vendor",
        "name": "FATEK Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6023",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.CVE-2017-6023 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6023"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "FATEK Automation has created a new version of the \u201cether_cfg software tool\u201d to mitigate this vulnerability. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.fatek.com/en/technical.php?act=software\u0026catId=12"
        },
        {
          "category": "mitigation",
          "details": "For more information about this vulnerability and how to mitigate it, please see the Fatek EtherConfig release note on the Fatek technical support web page",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.fatek.com/en/technical.php?act=software\u0026catId=1"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

VAR-201703-1368

Vulnerability from variot - Updated: 2023-12-18 12:44

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. plural Fatek Automation PLC Ethernet Module Work on Ether_cfg The software configuration tool contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ether_cfg.exe. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Failed attempts will likely cause a denial-of-service condition

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1368",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ethernet module configuration tool cbeh",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cm25e",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cm55e",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cbe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "automation plc ethernet module cm55e",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "automation plc ethernet module cbe",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "automation plc ethernet module cbeh",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "automation plc ethernet module cm25e",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "plc ethernet module cbe",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module cbeh",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module cm25e",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module cm55e",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module configuration tool",
        "scope": null,
        "trust": 0.7,
        "vendor": "fatek automation",
        "version": null
      },
      {
        "model": "ethernet module configuration tool cbe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cm55e",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cbeh",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cm25e",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "automation plc ethernet module cm55e build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": "automation plc ethernet module cm25e build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": "automation plc ethernet module cbeh build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": "automation plc ethernet module cbe build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cbe",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cbeh",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cm25e",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cm55e",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2017-6023",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6023",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-6023",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05066",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "67382430-e896-4ad0-9272-f55e1fb83a21",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114226",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6023",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6023",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-6023",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05066",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-589",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "67382430-e896-4ad0-9272-f55e1fb83a21",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114226",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. plural Fatek Automation PLC Ethernet Module Work on Ether_cfg The software configuration tool contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ether_cfg.exe.  The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.  An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Failed attempts will likely cause a denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6023",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-073-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "96892",
        "trust": 2.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3706",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "67382430-E896-4AD0-9272-F55E1FB83A21",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "id": "VAR-201703-1368",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      }
    ],
    "trust": 1.65
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:40.787000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.fatek.com/en/"
      },
      {
        "title": "Fatek Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-073-01"
      },
      {
        "title": "Patch for Fatek Automation PLC Ethernet Module Stack Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/92381"
      },
      {
        "title": "Multiple Fatek Automation PLC Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99645"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-073-01"
      },
      {
        "trust": 2.9,
        "url": "http://www.securityfocus.com/bid/96892"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6023"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6023"
      },
      {
        "trust": 0.3,
        "url": "http://www.fatek.com/en/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "date": "2017-04-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "date": "2017-03-14T00:00:00",
        "db": "BID",
        "id": "96892"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "date": "2017-03-16T04:59:00.153000",
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "date": "2017-03-16T01:02:00",
        "db": "BID",
        "id": "96892"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "date": "2021-10-28T11:54:47.673000",
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "date": "2021-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fatek Automation PLC Ethernet Module Stack Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6023 (GCVE-0-2017-6023)

CNVD-2017-05066

FKIE_CVE-2017-6023

GHSA-JWFC-GWH4-6QMP

GSD-2017-6023

ICSA-17-073-01

VAR-201703-1368

Tags

Sightings

Nomenclature