CVE-2017-6023

Published: 16 Mar 2017
Source: nvd
CVSS3: 9.8
CVSS2: 9
EPSS: Low

Description

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.

Vulnerable configurations

Configuration 1

All of

One of

cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*
Versions up to and including 3.5
cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*
Versions up to and including 3.5
cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*
Versions up to and including 3.5
cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*
Versions up to and including 3.5
cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*

EPSS

Percentile: 88%
0.03955
Low

9.8 Critical

CVSS3

9 Critical

CVSS2

Weaknesses

CWE-121
CWE-119

Related vulnerabilities

CVSS3: 9.8
github
more than 3 years ago

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.
