OTPulse

FATEK Automation PLC Ethernet Module

Monitor | CVSS 7.3 | ICS-CERT ICSA-17-073-01 | Mar 14, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

FATEK Automation Ethernet modules (CBEH, CM25E, CBE, CM55E) in versions prior to Build 170215 contain a stack-based buffer overflow in the Ethernet communication handler. An attacker can send a specially crafted Ethernet packet to the PLC to overwrite stack memory and execute arbitrary code. The flaw is in the device firmware, and no vendor patch is planned for the affected models.

What this means
What could happen
An attacker with network access to the FATEK PLC Ethernet module could execute arbitrary code on the device, potentially allowing them to alter production settings, stop operations, or cause equipment damage.
Who's at risk
This vulnerability affects FATEK Automation PLC Ethernet modules (CBEH, CM25E, CBE, CM55E) used in manufacturing facilities for process control. Plant operations, industrial automation, and production scheduling systems that rely on these PLCs should be prioritized for assessment.
How it could be exploited
An attacker on the network sends a specially crafted Ethernet packet to the PLC's network port. The device processes the malformed data without proper validation, allowing the attacker to write to memory and execute code on the PLC.
Prerequisites
  • Network access to the PLC Ethernet port (typically port 502 or proprietary FATEK ports)
  • No authentication required to send a malicious Ethernet packet
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects critical control devices
Exploitability
Moderate exploit probability (EPSS 4.0%)
Affected products (4) - all 4 EOL

Product | Affected Versions | Fix Status
CBEH | < 3.6 Build 170215 | No fix (EOL)
CM25E | < 3.6 Build 170215 | No fix (EOL)
CBE | < 3.6 Build 170215 | No fix (EOL)
CM55E | < 3.6 Build 170215 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the PLC to only authorized engineering workstations and HMI systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to the PLC for suspicious packets or access attempts
Long-term hardening
WORKAROUND: Contact FATEK to determine if your PLC models have reached end-of-life and plan replacement or alternative mitigations
Mitigations - no patch available
The following products have reached End of Life with no planned fix: CBEH, CM25E, CBE, CM55E. Apply the following compensating controls:
HARDENING: Segment the FATEK PLC network from the enterprise network using a firewall or air-gapping approach