HTTP: Fatek Automation PLC WinProladder Stack Buffer Overflow
A stack-based buffer overflow exists in Fatek Automation PLC WinProladder. Successful exploitation could result in denial of service conditions or, in the worst case, arbitrary code execution in the context of the user running the application.
Extended Description
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution.
References
BugTraq: 94938
CVE: CVE-2020-16234
URL: http://www.zerodayinitiative.com/advisories/ZDI-20-1174/
Short Name
HTTP:FATEK-PLC-STACK-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Automation Buffer CVE-2016-8377 CVE-2020-16234 Fatek Overflow PLC Stack WinProladder bid:94938
Release Date
02/28/2017
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3726
False Positive
Unknown
CVSS Score
6.8
6.0