CVE-2017-6023

9.8 CRITICAL

📋 TL;DR

A stack-based buffer overflow vulnerability in Fatek Automation PLC Ethernet Module configuration software allows remote attackers to execute arbitrary code or crash affected PLC devices. This affects industrial control systems using specific Fatek PLC models with vulnerable Ether_cfg software versions. Organizations using these PLCs in critical infrastructure are at risk.

💻 Affected Systems

Products:
  • Fatek PLC Ethernet Module
  • Ether_cfg configuration software
Versions: CBEH, CBE, CM55E, CM25E versions prior to V3.6 Build 170215
Operating Systems: Windows (Ether_cfg software)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Ether_cfg configuration tool software running on Windows systems that manage Fatek PLCs.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete compromise of the PLC, potential manipulation of industrial processes, physical damage, or safety incidents.

🟠 Likely Case

PLC crash causing operational disruption in industrial processes, requiring a manual restart and potential production downtime.

🟢 If Mitigated

Limited impact if PLCs are isolated in air-gapped networks with proper segmentation and access controls.

🌐 Internet-Facing: HIGH - CVSS 9.8 indicates critical severity; internet-exposed PLCs are highly vulnerable to remote exploitation.
🏢 Internal Only: HIGH - Even internally, vulnerable PLCs can be exploited by attackers who gain network access through other means.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow vulnerabilities typically have low exploitation complexity, and the CVSS 9.8 score here indicates minimal attack requirements (network vector, no privileges, no user interaction).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V3.6 Build 170215 or later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-073-01

Restart Required: Yes

Instructions:

1. Download updated Ether_cfg software version V3.6 Build 170215 or later from Fatek.
2. Install the update on all Windows systems running Ether_cfg.
3. Restart the Ether_cfg software and connected PLCs.
4. Verify all PLCs are running updated firmware.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate PLC networks from corporate and internet networks using firewalls with strict access controls.

Access Restriction (all)

Restrict network access to Ether_cfg software ports (typically TCP 502 for Modbus) to authorized management systems only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable PLCs from untrusted networks
  • Deploy intrusion detection systems to monitor for exploitation attempts on PLC networks

🔍 How to Verify

Check if Vulnerable:

Check the Ether_cfg software version in the Help > About menu. If the version is earlier than V3.6 Build 170215, the system is vulnerable.

Check Version:

No command-line option is available; check the version via the Ether_cfg GUI under Help > About.

Verify Fix Applied:

Confirm that the Ether_cfg software shows version V3.6 Build 170215 or later in the Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Ether_cfg software crashes
  • PLC communication failures
  • Multiple connection attempts to PLC ports

Network Indicators:

  • Unusual traffic to TCP port 502 (Modbus) or other PLC communication ports
  • Malformed packets to Ether_cfg services

SIEM Query:

source="plc_network" AND (dest_port=502 OR dest_port=[plc_ports]) AND (bytes>threshold OR pattern="buffer_overflow")
