IBHsoftec created a new version to mitigate a buffer overflow vulnerability in its S7-SoftPLC, according to a report with ICS-CERT.
This vulnerability, discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative, is remotely exploitable.
S7-SoftPLC versions prior to 4.12b suffer from the issue.
An attacker who exploits this vulnerability may be able to affect integrity, confidentiality, and availability of the target device.
IBHsoftec GmbH is a Germany-based company that sells products through distributors worldwide.
S7-SoftPLC, is a software program meant to replace a hardware PLC. These products see action across several sectors including critical manufacturing, energy, and water and wastewater systems. IBHsoftec said these products see use primarily in Europe, Asia, and the United States.
Object memory can read a network packet that is larger than the space that is available.
CVE-2016-8364 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.