cvelistv5 - CVE-2017-6023

CVE-2017-6023 (GCVE-0-2017-6023)

Vulnerability from cvelistv5

Published

2017-03-16 03:49

Modified

2024-08-05 15:18

Severity ?

CWE

CWE-121

Summary

References

URL

	Vendor	Product	Version
	n/a	Fatek Automation PLC Ethernet Module	Version: Fatek Automation PLC Ethernet Module

icsa-17-073-01

Vulnerability from csaf_cisa

Published

2017-03-14 00:00

Modified

2017-03-14 00:00

Summary

FATEK Automation PLC Ethernet Module

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable. Low skill level to exploit.

Countries/areas deployed

Asia and Europe

Company headquarters location

Taiwan

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "an anonymous party"
        ],
        "organization": "Trend Micro\u0027s Zero Day Initiative",
        "summary": "identifying this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable. Low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Asia and Europe",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-073-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-073-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-073-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-073-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-073-01"
      }
    ],
    "title": "FATEK Automation PLC Ethernet Module",
    "tracking": {
      "current_release_date": "2017-03-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-073-01",
      "initial_release_date": "2017-03-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-14T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-073-01 Fatek Automation PLC Ethernet Module"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CBEH: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CBEH"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CM25E: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CM25E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CBE: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CBE"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CM55E: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CM55E"
          }
        ],
        "category": "vendor",
        "name": "FATEK Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6023",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.CVE-2017-6023 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6023"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "FATEK Automation has created a new version of the \u201cether_cfg software tool\u201d to mitigate this vulnerability. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.fatek.com/en/technical.php?act=software\u0026catId=12"
        },
        {
          "category": "mitigation",
          "details": "For more information about this vulnerability and how to mitigate it, please see the Fatek EtherConfig release note on the Fatek technical support web page",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.fatek.com/en/technical.php?act=software\u0026catId=1"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

ICSA-17-073-01

Vulnerability from csaf_cisa

Published

2017-03-14 00:00

Modified

2017-03-14 00:00

Summary

FATEK Automation PLC Ethernet Module

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

ATTENTION: Remotely exploitable. Low skill level to exploit.

Countries/areas deployed

Asia and Europe

Company headquarters location

Taiwan

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "an anonymous party"
        ],
        "organization": "Trend Micro\u0027s Zero Day Initiative",
        "summary": "identifying this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable. Low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Asia and Europe",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-073-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-073-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-073-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-073-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-073-01"
      }
    ],
    "title": "FATEK Automation PLC Ethernet Module",
    "tracking": {
      "current_release_date": "2017-03-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-073-01",
      "initial_release_date": "2017-03-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-14T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-073-01 Fatek Automation PLC Ethernet Module"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CBEH: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CBEH"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CM25E: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CM25E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CBE: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CBE"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6 Build 170215",
                "product": {
                  "name": "CM55E: versions prior to V3.6 Build 170215",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CM55E"
          }
        ],
        "category": "vendor",
        "name": "FATEK Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6023",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.CVE-2017-6023 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6023"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "FATEK Automation has created a new version of the \u201cether_cfg software tool\u201d to mitigate this vulnerability. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.fatek.com/en/technical.php?act=software\u0026catId=12"
        },
        {
          "category": "mitigation",
          "details": "For more information about this vulnerability and how to mitigate it, please see the Fatek EtherConfig release note on the Fatek technical support web page",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.fatek.com/en/technical.php?act=software\u0026catId=1"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

var-201703-1368

Vulnerability from variot

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. plural Fatek Automation PLC Ethernet Module Work on Ether_cfg The software configuration tool contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ether_cfg.exe. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Failed attempts will likely cause a denial-of-service condition

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1368",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ethernet module configuration tool cm55e",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cbeh",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cbe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cm25e",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fatek",
        "version": "3.5"
      },
      {
        "model": "automation plc ethernet module cm55e",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "automation plc ethernet module cbe",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "automation plc ethernet module cbeh",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "automation plc ethernet module cm25e",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fatek",
        "version": "0"
      },
      {
        "model": "plc ethernet module cbe",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module cbeh",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module cm25e",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module cm55e",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fatek automation",
        "version": "3.6 build 170215"
      },
      {
        "model": "plc ethernet module configuration tool",
        "scope": null,
        "trust": 0.7,
        "vendor": "fatek automation",
        "version": null
      },
      {
        "model": "ethernet module configuration tool cbe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cm55e",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cbeh",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "ethernet module configuration tool cm25e",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fatek automation",
        "version": "3.5"
      },
      {
        "model": "automation plc ethernet module cm55e build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": "automation plc ethernet module cm25e build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": "automation plc ethernet module cbeh build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": "automation plc ethernet module cbe build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fatek",
        "version": "3.6170215"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cbe",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cbeh",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cm25e",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ethernet module configuration tool cm55e",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:fatek:ethernet_module_configuration_tool_cbe_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:fatek:ethernet_module_configuration_tool_cbeh_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:fatek:ethernet_module_configuration_tool_cm25e_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:fatek:ethernet_module_configuration_tool_cm55e_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2017-6023",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6023",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-6023",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05066",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "67382430-e896-4ad0-9272-f55e1fb83a21",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114226",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6023",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6023",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6023",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6023",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-6023",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05066",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-589",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "67382430-e896-4ad0-9272-f55e1fb83a21",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114226",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. plural Fatek Automation PLC Ethernet Module Work on Ether_cfg The software configuration tool contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ether_cfg.exe.  The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.  An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Failed attempts will likely cause a denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6023",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-073-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "96892",
        "trust": 2.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3706",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "67382430-E896-4AD0-9272-F55E1FB83A21",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "id": "VAR-201703-1368",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      }
    ],
    "trust": 1.65
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:05:28.316000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.fatek.com/en/"
      },
      {
        "title": "Fatek Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
      },
      {
        "title": "Patch for Fatek Automation PLC Ethernet Module Stack Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/92381"
      },
      {
        "title": "Multiple Fatek Automation PLC Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99645"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-073-01"
      },
      {
        "trust": 2.9,
        "url": "http://www.securityfocus.com/bid/96892"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6023"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6023"
      },
      {
        "trust": 0.3,
        "url": "http://www.fatek.com/en/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "db": "BID",
        "id": "96892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "date": "2017-04-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "date": "2017-03-14T00:00:00",
        "db": "BID",
        "id": "96892"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      },
      {
        "date": "2017-03-16T04:59:00.153000",
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-465"
      },
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114226"
      },
      {
        "date": "2017-03-16T01:02:00",
        "db": "BID",
        "id": "96892"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002740"
      },
      {
        "date": "2021-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      },
      {
        "date": "2024-11-21T03:28:55.470000",
        "db": "NVD",
        "id": "CVE-2017-6023"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fatek Automation PLC Ethernet Module Stack Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05066"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "67382430-e896-4ad0-9272-f55e1fb83a21"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-589"
      }
    ],
    "trust": 0.8
  }
}

ghsa-jwfc-gwh4-6qmp

Vulnerability from github

Published

2022-05-13 01:05

Modified

2022-05-13 01:05

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-16T04:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.",
  "id": "GHSA-jwfc-gwh4-6qmp",
  "modified": "2022-05-13T01:05:26Z",
  "published": "2022-05-13T01:05:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6023"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96892"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2017-05066

Vulnerability from cnvd

Title

Fatek Automation PLC Ethernet Module堆栈缓冲区溢出漏洞

Description

Fatek Automation PLC是永宏（Fatek Automation）公司研发的一款控制器。 Fatek Automation PLC Ethernet Module存在基于堆栈的缓冲区溢出漏洞。远程攻击者可利用此漏洞在受影响应用程序的上下文中执行任意代码，还可导致拒绝服务。

Severity

高

Patch Name

Fatek Automation PLC Ethernet Module堆栈缓冲区溢出漏洞的补丁

Patch Description

Fatek Automation PLC是永宏（Fatek Automation）公司研发的一款控制器。 Fatek Automation PLC Ethernet Module存在基于堆栈的缓冲区溢出漏洞。远程攻击者可利用此漏洞在受影响应用程序的上下文中执行任意代码，还可导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01

Reference

http://www.securityfocus.com/bid/96892

Impacted products

Name
['Fatek Automation PLC Ethernet Module CM55E 0', 'Fatek Automation PLC Ethernet Module CBE 0', 'Fatek Automation PLC Ethernet Module CBEH 0', 'Fatek Automation PLC Ethernet Module CM25E 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96892"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6023",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6023"
    }
  },
  "description": "Fatek Automation PLC\u662f\u6c38\u5b8f\uff08Fatek Automation\uff09\u516c\u53f8\u7814\u53d1\u7684\u4e00\u6b3e\u63a7\u5236\u5668\u3002\r\n\r\nFatek Automation PLC Ethernet Module\u5b58\u5728\u57fa\u4e8e\u5806\u6808\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8fd8\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "An anonymous researcher working with Trend Micro\u0027s Zero Day Initiative",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-073-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05066",
  "openTime": "2017-04-14",
  "patchDescription": "Fatek Automation PLC\u662f\u6c38\u5b8f\uff08Fatek Automation\uff09\u516c\u53f8\u7814\u53d1\u7684\u4e00\u6b3e\u63a7\u5236\u5668\u3002\r\n\r\nFatek Automation PLC Ethernet Module\u5b58\u5728\u57fa\u4e8e\u5806\u6808\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8fd8\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fatek Automation PLC Ethernet Module\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fatek Automation PLC Ethernet Module CM55E 0",
      "Fatek Automation PLC Ethernet Module CBE 0",
      "Fatek Automation PLC Ethernet Module CBEH 0",
      "Fatek Automation PLC Ethernet Module CM25E 0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/96892",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-27",
  "title": "Fatek Automation PLC Ethernet Module\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

gsd-2017-6023

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6023

Aliases

CVE-2017-6023

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6023",
    "description": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.",
    "id": "GSD-2017-6023"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6023"
      ],
      "details": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.",
      "id": "GSD-2017-6023",
      "modified": "2023-12-13T01:21:09.537733Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6023",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fatek Automation PLC Ethernet Module",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Fatek Automation PLC Ethernet Module"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-121"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "96892",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96892"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6023"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
            },
            {
              "name": "96892",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/96892"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 8.5,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-10-28T11:54Z",
      "publishedDate": "2017-03-16T04:59Z"
    }
  }
}

fkie_cve-2017-6023

Vulnerability from fkie_nvd

Published

2017-03-16 04:59

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/96892	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96892	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
fatek	ethernet_module_configuration_tool_cbe_firmware	*
fatek	ethernet_module_configuration_tool_cbeh_firmware	*
fatek	ethernet_module_configuration_tool_cm25e_firmware	*
fatek	ethernet_module_configuration_tool_cm55e_firmware	*
fatek	plc_ethernet_module	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5962575-2692-4BE9-A2ED-0876266FE32D",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cbeh_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EF5A0F-70CF-45DA-9059-71897B80CA67",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm25e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E315B2C5-B4F7-4E40-BB34-8DF025DA6E21",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatek:ethernet_module_configuration_tool_cm55e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F51CA0-E22C-4200-96A5-E726766F9072",
              "versionEndIncluding": "3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatek:plc_ethernet_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86322EB5-ED30-4FC3-9810-CC11F38246A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Fatek Automation PLC Ethernet Module. Las herramientas de configuraci\u00f3n del software Ether_cfg afectado en las siguientes versiones de Fatek PLCs: CBEH anteriores a V3.6 Build 170215, CBE versiones anteriores a V3.6 Build 170215, CM55E versiones anteriores a V3.6 Build 170215 y CM25E versiones anteriores a V3.6 Build 170215. Se ha identificado un desbordamiento de b\u00fafer basado en pila, lo que podr\u00eda permitir ejecuci\u00f3n remota de c\u00f3digo o ca\u00edda del dispositivo afectado."
    }
  ],
  "id": "CVE-2017-6023",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-16T04:59:00.153",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96892"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6023 (GCVE-0-2017-6023)

Vulnerability from cvelistv5

icsa-17-073-01

Vulnerability from csaf_cisa

ICSA-17-073-01

Vulnerability from csaf_cisa

var-201703-1368

Vulnerability from variot

ghsa-jwfc-gwh4-6qmp

Vulnerability from github

cnvd-2017-05066

Vulnerability from cnvd

gsd-2017-6023

Vulnerability from gsd

fkie_cve-2017-6023

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature