Your one-stop web resource providing safety and security information to manufacturers

VIPA Controls created a patch to mitigate a stack buffer overflow in its PLC programming software, WinPLC7, according to a report with ICS-CERT.

WinPLC Versions and prior suffers from the remotely exploitable vulnerability, discovered by Ariele Caltabiano (kimiya) who worked with Trend Micro’s Zero Day Initiative to report this vulnerability.

Siemens Updates DROWN Fix
Siemens Clears 2 RUGGEDCOM Holes
Rockwell Fixes Parser Buffer Overflow
Advantech Clears WebAccess Vulnerability

Successful exploitation of this vulnerability could cause the software the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.

In the vulnerability, there is a stack-based buffer overflow vulnerability where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.

Cyber Security

No known public exploits specifically target this vulnerability, which would take a low skill level to exploit.

CVE-2017-5177 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

WinPLC7 sees action in the commercial facilities and the critical manufacturing sector. The software sees action in Africa, Americas, Asia, Australia, Europe, and the Middle East

Herzogenaurach, Germany-based VIPA Controls recommends users install the patch.

Pin It on Pinterest

Share This