VIPA Controls created a patch to mitigate a stack buffer overflow in its PLC programming software, WinPLC7, according to a report with ICS-CERT.
WinPLC Versions 22.214.171.12421 and prior suffers from the remotely exploitable vulnerability, discovered by Ariele Caltabiano (kimiya) who worked with Trend Micro’s Zero Day Initiative to report this vulnerability.
Successful exploitation of this vulnerability could cause the software the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.
In the vulnerability, there is a stack-based buffer overflow vulnerability where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.
No known public exploits specifically target this vulnerability, which would take a low skill level to exploit.
CVE-2017-5177 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
WinPLC7 sees action in the commercial facilities and the critical manufacturing sector. The software sees action in Africa, Americas, Asia, Australia, Europe, and the Middle East
Herzogenaurach, Germany-based VIPA Controls recommends users install the patch.