9.8
CVE-2017-6023
- EPSS 3.96%
- Veröffentlicht 16.03.2017 04:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fatek ≫ Ethernet Module Configuration Tool Cbe Firmware Version <= 3.5
Fatek ≫ Ethernet Module Configuration Tool Cbeh Firmware Version <= 3.5
Fatek ≫ Ethernet Module Configuration Tool Cm25e Firmware Version <= 3.5
Fatek ≫ Ethernet Module Configuration Tool Cm55e Firmware Version <= 3.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.96% | 0.878 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 10 | 8.5 |
AV:N/AC:L/Au:N/C:P/I:P/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).