VIPA Controls Patches WinPLC7 Hole

Thursday, February 23, 2017 @ 04:02 PM gHale


VIPA Controls created a patch to mitigate a stack buffer overflow in its PLC programming software, WinPLC7, according to a report with ICS-CERT.

WinPLC Versions 5.0.45.5921 and prior suffers from the remotely exploitable vulnerability, discovered by Ariele Caltabiano (kimiya) who worked with Trend Micro’s Zero Day Initiative to report this vulnerability.

RELATED STORIES
Siemens Updates DROWN Fix
Siemens Clears 2 RUGGEDCOM Holes
Rockwell Fixes Parser Buffer Overflow
Advantech Clears WebAccess Vulnerability

Successful exploitation of this vulnerability could cause the software the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.

In the vulnerability, there is a stack-based buffer overflow vulnerability where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.

No known public exploits specifically target this vulnerability, which would take a low skill level to exploit.

CVE-2017-5177 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

WinPLC7 sees action in the commercial facilities and the critical manufacturing sector. The software sees action in Africa, Americas, Asia, Australia, Europe, and the Middle East

Herzogenaurach, Germany-based VIPA Controls recommends users install the patch.



Leave a Reply

You must be logged in to post a comment.