FATEK Automation Designer Memory Corruption Vulnerabilities

Monitor7.5ICS-CERT ICSA-16-287-06Jul 17, 2016

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Memory corruption vulnerabilities (buffer overflow and out-of-bounds access) in FATEK Automation PM Designer V3 2.1.2.2 and Automation FV Designer 1.2.8.0 allow remote attackers to crash these applications without authentication. The vulnerabilities are caused by improper input validation in network-facing code paths.

What this means

What could happen

An attacker with network access can trigger a memory corruption error that crashes the Automation PM Designer or FV Designer application, causing loss of engineering workflow and potentially preventing updates to PLC configurations or logic.

Who's at risk

Engineering and automation teams that use FATEK Automation PM Designer V3 or FV Designer for PLC programming and logic configuration should be concerned. This affects any facility running these legacy design tools on workstations that have network connectivity.

How it could be exploited

An attacker sends a specially crafted network request to the Automation Designer application running on an engineering workstation. The application fails to properly validate input bounds, leading to a buffer overflow or out-of-bounds memory access that crashes the application.

Prerequisites

Network access to the engineering workstation running Automation PM Designer or FV Designer
Automation Designer application is listening on a network interface (not isolated to localhost)
No authentication required to send the malicious request

remotely exploitableno authentication requiredlow complexityno patch availabledenial of service impact

Exploitability

Moderate exploit probability (EPSS 1.7%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

Automation PM Designer V3: 2.1.2.22.1.2.2No fix (EOL)

Automation FV Designer: 1.2.8.01.2.8.0No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate engineering workstations running Automation PM Designer or FV Designer to a separate, air-gapped network or restrict network access to these systems using firewall rules

WORKAROUNDDisable network interfaces on Automation Designer applications if they do not require remote access; configure the application to listen only on localhost (127.0.0.1) if possible

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor engineering workstations for unexpected crashes or restarts of Automation Designer; implement process monitoring and alerting

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Automation PM Designer V3: 2.1.2.2, Automation FV Designer: 1.2.8.0. Apply the following compensating controls:

HARDENINGContact FATEK to inquire about end-of-life support or potential security updates for Automation PM Designer V3 2.1.2.2 and Automation FV Designer 1.2.8.0

CVEs (3)

CVE-2016-5796 CVE-2016-5798 CVE-2016-5800

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/56416b7f-7a33-4d89-b316-445c66f9b186