CVE-2016-8377
published 2017-02-13CVE-2016-8377: An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software…
PriorityP356high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EXPLOIT
EPSS
8.91%
94.6th percentile
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatek | plc_winproladder_firmware | — | — |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pjr3-5p2r-73h6: An issue was discovered in Fatek Automation PLC WinProladder Version 3
ghsa_unreviewed·2022-05-13
CVE-2016-8377 [HIGH] CWE-119 GHSA-pjr3-5p2r-73h6: An issue was discovered in Fatek Automation PLC WinProladder Version 3
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution.
CISA ICS
FATEK Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability
cisa_ics·2021-04-08
FATEK Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
FATEK Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability
Last RevisedApril 08, 2021
Alert CodeICSA-16-350-01
## OVERVIEW
A researcher working with Trend Micro’s Zero Day Initiative (ZDI) has identified a stack-based buffer overflow vulnerability in FATEK Automation's PLC WinProladder application. Fatek Automation (Fatek) has not produced an update to mitigate this vulnerability. ZDI has coordinated with NCCIC/ICS-CERT. ZDI will publish the PLC WinProladder vulnerability.
This vulnerability could be exploited remotely.
## AFFECTED PRODUCTS
The following PLC
No detection rules found.
2017-02-13
Published