FATEK Automation Communication Server
Priority: Act Now (score 9.8)
Source: ICS-CERT ICSA-21-280-07
Published: Oct 7, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
FATEK Automation Communication Server versions 1.13 and earlier contain a stack buffer overflow (CWE-121) that allows unauthenticated remote attackers to execute arbitrary code. The vulnerability is triggered by sending specially crafted network packets to the server. FATEK has not responded to mitigation requests and has not released a patch. The vendor recommends contacting customer support directly.
What this means
What could happen
An attacker with network access to the Communication Server could execute arbitrary code on the device, potentially allowing them to intercept, modify, or disrupt control system communications and commands.
Who's at risk
Water and electric utilities using FATEK Communication Server (version 1.13 or earlier) to coordinate control devices. Any facility that relies on this server for remote device configuration or monitoring is affected.
How it could be exploited
An attacker on the network can send a specially crafted message to the Communication Server without needing credentials. If the server is exposed directly to the internet or accessible from untrusted networks, the attack can be carried out remotely. Once code execution is achieved, the attacker can read messages, inject false commands, or crash the communication channel.
Prerequisites
- Network access to the Communication Server port (typically Ethernet)
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available
- No known active exploitation (but high criticality)
- Network-accessible by default
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
Communication Server | ≤ 1.13 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate the Communication Server on a dedicated control system network, separated from business and internet networks by a firewall
- HARDENING: Block inbound access to the Communication Server from the internet and untrusted networks at the firewall boundary
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
- WORKAROUND: If remote access to the Communication Server is required, implement a VPN with current security patches and restrict access to authorized users only
- WORKAROUND: Contact FATEK support to determine if a workaround or alternative product is available
Mitigations - no patch available
Communication Server has reached End of Life and the vendor will not release a patch. Apply the following compensating control:
- HARDENING: Monitor network traffic to and from the Communication Server for suspicious activity
CVEs (1)