Details of VAR-201703-1368

ID

VAR-201703-1368

CVE

CVE-2017-6023

TITLE

Fatek Automation PLC Ethernet Module Stack Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 67382430-e896-4ad0-9272-f55e1fb83a21 // CNVD: CNVD-2017-05066

DESCRIPTION

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. plural Fatek Automation PLC Ethernet Module Work on Ether_cfg The software configuration tool contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ether_cfg.exe. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Failed attempts will likely cause a denial-of-service condition

Trust: 3.33

sources: NVD: CVE-2017-6023 // JVNDB: JVNDB-2017-002740 // ZDI: ZDI-17-465 // CNVD: CNVD-2017-05066 // BID: 96892 // IVD: 67382430-e896-4ad0-9272-f55e1fb83a21 // VULHUB: VHN-114226

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 67382430-e896-4ad0-9272-f55e1fb83a21 // CNVD: CNVD-2017-05066

AFFECTED PRODUCTS

vendor:	fatek	model:	ethernet module configuration tool cbeh	scope:	lte	version:	3.5	Trust: 1.0
vendor:	fatek	model:	ethernet module configuration tool cm25e	scope:	lte	version:	3.5	Trust: 1.0
vendor:	fatek	model:	ethernet module configuration tool cm55e	scope:	lte	version:	3.5	Trust: 1.0
vendor:	fatek	model:	ethernet module configuration tool cbe	scope:	lte	version:	3.5	Trust: 1.0
vendor:	fatek	model:	automation plc ethernet module cm55e	scope:	eq	version:	0	Trust: 0.9
vendor:	fatek	model:	automation plc ethernet module cbe	scope:	eq	version:	0	Trust: 0.9
vendor:	fatek	model:	automation plc ethernet module cbeh	scope:	eq	version:	0	Trust: 0.9
vendor:	fatek	model:	automation plc ethernet module cm25e	scope:	eq	version:	0	Trust: 0.9
vendor:	fatek automation	model:	plc ethernet module cbe	scope:	lt	version:	3.6 build 170215	Trust: 0.8
vendor:	fatek automation	model:	plc ethernet module cbeh	scope:	lt	version:	3.6 build 170215	Trust: 0.8
vendor:	fatek automation	model:	plc ethernet module cm25e	scope:	lt	version:	3.6 build 170215	Trust: 0.8
vendor:	fatek automation	model:	plc ethernet module cm55e	scope:	lt	version:	3.6 build 170215	Trust: 0.8
vendor:	fatek automation	model:	plc ethernet module configuration tool	scope:	-	version:	-	Trust: 0.7
vendor:	fatek automation	model:	ethernet module configuration tool cbe	scope:	eq	version:	3.5	Trust: 0.6
vendor:	fatek automation	model:	ethernet module configuration tool cm55e	scope:	eq	version:	3.5	Trust: 0.6
vendor:	fatek automation	model:	ethernet module configuration tool cbeh	scope:	eq	version:	3.5	Trust: 0.6
vendor:	fatek automation	model:	ethernet module configuration tool cm25e	scope:	eq	version:	3.5	Trust: 0.6
vendor:	fatek	model:	automation plc ethernet module cm55e build	scope:	ne	version:	3.6170215	Trust: 0.3
vendor:	fatek	model:	automation plc ethernet module cm25e build	scope:	ne	version:	3.6170215	Trust: 0.3
vendor:	fatek	model:	automation plc ethernet module cbeh build	scope:	ne	version:	3.6170215	Trust: 0.3
vendor:	fatek	model:	automation plc ethernet module cbe build	scope:	ne	version:	3.6170215	Trust: 0.3
vendor:	ethernet module configuration tool cbe	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	ethernet module configuration tool cbeh	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	ethernet module configuration tool cm25e	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	ethernet module configuration tool cm55e	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 67382430-e896-4ad0-9272-f55e1fb83a21 // ZDI: ZDI-17-465 // CNVD: CNVD-2017-05066 // BID: 96892 // JVNDB: JVNDB-2017-002740 // NVD: CVE-2017-6023 // CNNVD: CNNVD-201702-589

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-6023
value:	CRITICAL
Trust: 1.8
ZDI:	CVE-2017-6023
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2017-05066
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201702-589
value:	CRITICAL
Trust: 0.6
IVD:	67382430-e896-4ad0-9272-f55e1fb83a21
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-114226
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-6023
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
ZDI:	CVE-2017-6023
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2017-05066
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	67382430-e896-4ad0-9272-f55e1fb83a21
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-114226
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2017-6023
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 67382430-e896-4ad0-9272-f55e1fb83a21 // ZDI: ZDI-17-465 // CNVD: CNVD-2017-05066 // VULHUB: VHN-114226 // JVNDB: JVNDB-2017-002740 // NVD: CVE-2017-6023 // CNNVD: CNNVD-201702-589

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-114226 // JVNDB: JVNDB-2017-002740 // NVD: CVE-2017-6023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-589

TYPE

Buffer error

Trust: 0.8

sources: IVD: 67382430-e896-4ad0-9272-f55e1fb83a21 // CNNVD: CNNVD-201702-589

CONFIGURATIONS

sources: NVD: CVE-2017-6023

PATCH

title:	Top Page	url:	http://www.fatek.com/en/	Trust: 0.8
title:	Fatek Automation has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/icsa-17-073-01	Trust: 0.7
title:	Patch for Fatek Automation PLC Ethernet Module Stack Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/92381	Trust: 0.6
title:	Multiple Fatek Automation PLC Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99645	Trust: 0.6

sources: ZDI: ZDI-17-465 // CNVD: CNVD-2017-05066 // JVNDB: JVNDB-2017-002740 // CNNVD: CNNVD-201702-589

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6023	Trust: 4.3
db:	ICS CERT	id:	ICSA-17-073-01	Trust: 2.8
db:	BID	id:	96892	Trust: 2.6
db:	CNNVD	id:	CNNVD-201702-589	Trust: 0.9
db:	CNVD	id:	CNVD-2017-05066	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002740	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3706	Trust: 0.7
db:	ZDI	id:	ZDI-17-465	Trust: 0.7
db:	IVD	id:	67382430-E896-4AD0-9272-F55E1FB83A21	Trust: 0.2
db:	VULHUB	id:	VHN-114226	Trust: 0.1

sources: IVD: 67382430-e896-4ad0-9272-f55e1fb83a21 // ZDI: ZDI-17-465 // CNVD: CNVD-2017-05066 // VULHUB: VHN-114226 // BID: 96892 // JVNDB: JVNDB-2017-002740 // NVD: CVE-2017-6023 // CNNVD: CNNVD-201702-589

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-073-01	Trust: 3.5
url:	http://www.securityfocus.com/bid/96892	Trust: 2.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6023	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6023	Trust: 0.8
url:	http://www.fatek.com/en/	Trust: 0.3

sources: ZDI: ZDI-17-465 // CNVD: CNVD-2017-05066 // VULHUB: VHN-114226 // BID: 96892 // JVNDB: JVNDB-2017-002740 // NVD: CVE-2017-6023 // CNNVD: CNNVD-201702-589

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-17-465

SOURCES

db:	IVD	id:	67382430-e896-4ad0-9272-f55e1fb83a21
db:	ZDI	id:	ZDI-17-465
db:	CNVD	id:	CNVD-2017-05066
db:	VULHUB	id:	VHN-114226
db:	BID	id:	96892
db:	JVNDB	id:	JVNDB-2017-002740
db:	NVD	id:	CVE-2017-6023
db:	CNNVD	id:	CNNVD-201702-589

LAST UPDATE DATE

2023-12-18T12:44:40.787000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-465	date:	2017-07-11T00:00:00
db:	CNVD	id:	CNVD-2017-05066	date:	2017-04-22T00:00:00
db:	VULHUB	id:	VHN-114226	date:	2019-10-09T00:00:00
db:	BID	id:	96892	date:	2017-03-16T01:02:00
db:	JVNDB	id:	JVNDB-2017-002740	date:	2017-04-26T00:00:00
db:	NVD	id:	CVE-2017-6023	date:	2021-10-28T11:54:47.673
db:	CNNVD	id:	CNNVD-201702-589	date:	2021-11-01T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	67382430-e896-4ad0-9272-f55e1fb83a21	date:	2017-04-22T00:00:00
db:	ZDI	id:	ZDI-17-465	date:	2017-07-11T00:00:00
db:	CNVD	id:	CNVD-2017-05066	date:	2017-04-14T00:00:00
db:	VULHUB	id:	VHN-114226	date:	2017-03-16T00:00:00
db:	BID	id:	96892	date:	2017-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-002740	date:	2017-04-26T00:00:00
db:	NVD	id:	CVE-2017-6023	date:	2017-03-16T04:59:00.153
db:	CNNVD	id:	CNNVD-201702-589	date:	2017-02-17T00:00:00