Main Vulnerability Database Vulnerabilities #VU54390

#VU54390 Stack-based buffer overflow in PLC WinProladder - CVE-2020-16234

Published: June 25, 2021

Vulnerability identifier: #VU54390

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-16234

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PLC WinProladder

Software vendor:
Fatek

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://us-cert.cisa.gov/ics/advisories/icsa-20-254-02

#VU54390 Stack-based buffer overflow in PLC WinProladder - CVE-2020-16234

Description

Remediation

External links

Please verify you're human