Fatek Automation created a new version of the “ether_cfg software tool” to mitigate a stack-based buffer overflow vulnerability in its PLC Ethernet Module, according to an ICS-CERT report.
Successful exploitation of this remotely exploitable vulnerability could allow an attacker to crash the affected device or execute code remotely. An anonymous researcher working with Trend Micro’s Zero Day Initiative identified this vulnerability.
The affected Ether_cfg software configuration tool runs on the following Fatek PLCs:
• CBEH versions prior to V3.6 Build 170215
• CBE versions prior to V3.6 Build 170215
• CM55E versions prior to V3.6 Build 170215
• CM25E versions prior to V3.6 Build 170215
No known public exploits specifically target this vulnerability. An attacker with low skill level would be able to leverage the vulnerability.
The vulnerability is a stack-based buffer overflow, which may allow remote code execution or crash the affected device. CVE-2017-6023 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
The product is used mainly in commercial facilities and critical manufacturing. It is also used in Asia and in Europe.
Taiwan-based Fatek created a new version of the “ether_cfg software tool” to mitigate this vulnerability.
For more information about this vulnerability and how to mitigate it, see the Fatek EtherConfig release note on the Fatek technical support web page.