CVE-2017-6023
Published: 2017-03-16
Priority: P264 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.41% (90.1th percentile)
An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatek | ethernet_module_configuration_tool_cbe_firmware | <= 3.5 | — |
| fatek | ethernet_module_configuration_tool_cbeh_firmware | <= 3.5 | — |
| fatek | ethernet_module_configuration_tool_cm25e_firmware | <= 3.5 | — |
| fatek | ethernet_module_configuration_tool_cm55e_firmware | <= 3.5 | — |
Detection & IOCs (extracted from sources)
- Vulnerability is remotely exploitable with no authentication required (PR:N/UI:N), targeting the Ether_cfg software configuration tool on Fatek PLC Ethernet Modules via a stack-based buffer overflow.
- No known public exploits exist for this CVE as of advisory publication; monitor for anomalous traffic to Fatek PLC Ethernet Module management interfaces.
- Affected tool is 'Ether_cfg' (ether_cfg software configuration tool); detect presence or execution of this tool on OT networks as a risk indicator.
- Attack vector is network-based (AV:N) with low complexity (AC:L); alert on unexpected or malformed network traffic directed at Fatek PLC Ethernet Module management ports.
- Patched versions are V3.6 Build 170215 or later for all affected models (CBEH, CBE, CM55E, CM25E); detections should focus on devices running versions prior to this build.
- CVSS v3 base score is 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L); the lack of authentication requirement means any network-reachable attacker can attempt exploitation.
CVSS provenance
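| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:N/C:P/I:P/A:C |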
CISA ICS
FATEK Automation PLC Ethernet Module
cisa_ics·2021-04-08
ICS Advisory
Last Revised: April 08, 2021
Alert Code: ICSA-17-073-01
## CVSS v3 7.3
ATTENTION: Remotely exploitable. Low skill level to exploit.
Vendor: FATEK Automation
Equipment: PLC Ethernet Module
Vulnerability: Stack-based buffer overflow
## AFFECTED PRODUCTS
The affected Ether_cfg software configuration tool runs on the following Fatek PLCs:
- CBEH versions prior to V3.6 Build 170215,
- CBE versions prior to V3.6 Build 170215,
- CM55E versions prior to V3.6 Build 170215, and
- CM25E versions prior to V3.6 Build 170215.
## IMPACT
Successful ex
GHSA
GHSA-jwfc-gwh4-6qmp: An issue was discovered in Fatek Automation PLC Ethernet Module
ghsa_unreviewed·2022-05-13
CVE-2017-6023 [CRITICAL] CWE-119 GHSA-jwfc-gwh4-6qmp: An issue was discovered in Fatek Automation PLC Ethernet Module
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.