CVE-2016-5796 - OpenCVE

An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Fatek	Automation Pm Designer Automation Fv Designer

Configuration 1 [-]

OR	cpe:2.3:a:fatek:automation_fv_designer:1.2.8.0:::::::*
	cpe:2.3:a:fatek:automation_pm_designer:2.1.2.2:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/93105	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T21:00:00

Updated: 2017-02-14T10:57:01

Reserved: 2016-06-23T00:00:00

Link: CVE-2016-5796

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-02-13T21:59:00.237

Modified: 2017-02-17T13:46:41.617

Link: CVE-2016-5796

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "Fatek Automation Designer 2.1.2.2", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fatek Automation Designer 2.1.2.2"}]}], "datePublic": "2017-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer."}], "problemTypes": [{"descriptions": [{"description": "Fatek Automation Designer Memory Corruption Vulnerabilities", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "93105", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93105"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-5796", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fatek Automation Designer 2.1.2.2", "version": {"version_data": [{"version_value": "Fatek Automation Designer 2.1.2.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Fatek Automation Designer Memory Corruption Vulnerabilities"}]}]}, "references": {"reference_data": [{"name": "93105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93105"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-5796", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2016-06-23T00:00:00", "dateUpdated": "2017-02-14T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fatek:automation_fv_designer:1.2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7932FA19-56F5-45CF-AD87-89F1154BD26C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fatek:automation_pm_designer:2.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "72BEB7C7-E994-41D6-8C54-F1DC2C0CAFBF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer."}, {"lang": "es", "value": "Ha sido descubierto un problema en Fatek Automation PM Designer V3 Versi\u00f3n 2.1.2.2 y Automation FV Designer Versi\u00f3n 1.2.8.0. El env\u00edo de paquetes v\u00e1lidos adicionales podr\u00eda permitir al atacante provocar un bloqueo o ejecutar c\u00f3digo arbitrario, debido a la restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria."}], "id": "CVE-2016-5796", "lastModified": "2017-02-17T13:46:41.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-13T21:59:00.237", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93105"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}