CVE-2020-16234
published 2020-09-30CVE-2020-16234: In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file…
PriorityP337high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
1.30%
66.8th percentile
In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatek | winproladder | <= 3.28 | — |
| fatek_automation | plc_winproladder | unspecified – 3.28 | — |
| linux | linux_kernel | >= 0 < 4.15.0-99.100 | 4.15.0-99.100 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pwwx-2gvr-j6qv: In PLC WinProladder Version 3
ghsa_unreviewed·2022-05-24
CVE-2020-16234 [HIGH] CWE-121 GHSA-pwwx-2gvr-j6qv: In PLC WinProladder Version 3
In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code.
OSV
linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerabilities
osv·2020-04-30·CVSS 4.7
CVE-2020-11884 linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerabilities
linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerabilities
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race co
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2020-04-28·CVSS 4.7
CVE-2020-11884 linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)
Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attack
CISA ICS
FATEK Automation PLC WinProladder
cisa_ics·2020-09-14·CVSS 7.8
[HIGH] FATEK Automation PLC WinProladder
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
FATEK Automation PLC WinProladder
Last RevisedSeptember 14, 2020
Alert CodeICSA-20-254-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low skill level to exploit
- Vendor: FATEK Automation
- Equipment: PLC WinProladder
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may cause a denial-of-service event and remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of PLC WinProladder are affected:
-
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-09-30
Published