OTPulse

FATEK Automation PLC WinProladder

CVSS 7.8 · ICS-CERT ICSA-20-254-02 · Sep 10, 2020
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A buffer overflow vulnerability in FATEK WinProladder (version 3.28 and earlier) may cause denial-of-service or remote code execution on affected engineering workstations. Successful exploitation could crash the device or allow arbitrary code execution, but the vulnerability is not remotely exploitable and requires local access or user interaction. FATEK has not provided a patch or mitigation plan.

What this means
What could happen
A buffer overflow in WinProladder could allow an attacker with local access to crash the engineering workstation or execute arbitrary code, potentially disrupting PLC programming and configuration activities at the facility.
Who's at risk
Manufacturing facilities using FATEK PLCs with WinProladder for engineering and configuration should be concerned. This affects anyone who uses WinProladder version 3.28 or earlier to program or maintain FATEK PLCs on the production floor or in engineering shops.
How it could be exploited
An attacker with physical or local network access must craft a malicious input (likely through a file or network message to the WinProladder software) that triggers the buffer overflow. This could be delivered via email attachment or USB if an engineer opens it on a workstation running the affected software version.
Prerequisites
  • Local access to the WinProladder workstation or network-level access if the software is exposed on the local network
  • WinProladder version 3.28 or earlier installed
  • Social engineering vector (user must open a malicious file or email attachment)
Tags: no patch available · buffer overflow condition · requires local or social engineering access
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
PLC WinProladder | ≤ 3.28 | No fix (EOL)
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade WinProladder to a version newer than 3.28 if a fixed version becomes available from FATEK
Mitigations - no patch available
PLC WinProladder has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate WinProladder engineering workstations from the business network using a firewall or network segmentation
HARDENING: Implement email filtering and user awareness training to reduce the likelihood of malicious file delivery to engineering staff
HARDENING: Restrict local network access to WinProladder workstations to authorized personnel only