CVE-2017-6023
published 2017-03-16

Priority: P264 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.41% (90.1th percentile)

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.

Affected (4 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatek | ethernet_module_configuration_tool_cbe_firmware | <= 3.5 | |
| fatek | ethernet_module_configuration_tool_cbeh_firmware | <= 3.5 | |
| fatek | ethernet_module_configuration_tool_cm25e_firmware | <= 3.5 | |
| fatek | ethernet_module_configuration_tool_cm55e_firmware | <= 3.5 | |

Detection & IOCs (extracted from sources)

  • Vulnerability is remotely exploitable with no authentication required (PR:N/UI:N), targeting the Ether_cfg software configuration tool on Fatek PLC Ethernet Modules via a stack-based buffer overflow.
  • No known public exploits exist for this CVE as of advisory publication; monitor for anomalous traffic to Fatek PLC Ethernet Module management interfaces.
  • Affected tool is 'Ether_cfg' (ether_cfg software configuration tool); detect presence or execution of this tool on OT networks as a risk indicator.
  • Attack vector is network-based (AV:N) with low complexity (AC:L); alert on unexpected or malformed network traffic directed at Fatek PLC Ethernet Module management ports.
  • Patched versions are V3.6 Build 170215 or later for all affected models (CBEH, CBE, CM55E, CM25E); detections should focus on devices running versions prior to this build.
  • CVSS v3 base score is 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L); the lack of authentication requirement means any network-reachable attacker can attempt exploitation.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:N/C:P/I:P/A:C