CRITICAL · 9.8

CVE-2017-6023

Vulnerability Description

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Fatek | Ethernet Module Configuration Tool Cbe Firmware | <= 3.5
Fatek | Ethernet Module Configuration Tool Cbeh Firmware | <= 3.5
Fatek | Ethernet Module Configuration Tool Cm25E Firmware | <= 3.5
Fatek | Ethernet Module Configuration Tool Cm55E Firmware | <= 3.5
Fatek | Plc Ethernet Module | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-6023?

CVE-2017-6023 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE vers...

How severe is CVE-2017-6023?

CVE-2017-6023 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-6023?

Check the references section above for vendor advisories and patch information. Affected products include: Fatek Ethernet Module Configuration Tool Cbe Firmware, Fatek Ethernet Module Configuration Tool Cbeh Firmware, Fatek Ethernet Module Configuration Tool Cm25E Firmware, Fatek Ethernet Module Configuration Tool Cm55E Firmware, Fatek Plc Ethernet Module.