PatchSiren cyber security CVE debrief
CVE-2016-8377 Fatek CVE debrief
CVE-2016-8377 was publicly disclosed on 2017-02-13 and affects Fatek Automation PLC WinProladder Version 3.11 Build 14701. According to the official NVD record, the issue is a stack-based buffer overflow that can be triggered when the application connects to a malicious server, creating an exploitable SEH overwrite condition that may allow remote code execution. NVD rates the issue HIGH with a CVSS 3.1 vector of AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
- Vendor
- Fatek
- Product
- CVE-2016-8377
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-13
- Advisory updated
- 2026-05-13
Who should care
Industrial control system and OT teams using Fatek WinProladder, especially engineering workstations or operators that may connect the software to external or untrusted servers. Security teams responsible for segmented ICS environments should treat this as a serious endpoint and network exposure risk.
Technical summary
NVD classifies the weakness as CWE-119 and lists the vulnerable component as cpe:2.3:o:fatek:plc_winproladder_firmware:3.11:build_14701. The vulnerability is described as a stack-based buffer overflow reached when WinProladder connects to a malicious server. The resulting stack corruption can overwrite SEH state and may lead to remote code execution. The published CVSS vector indicates network attackability, low attack complexity, required privileges, required user interaction, and high impact to confidentiality, integrity, and availability.
Defensive priority
High
Recommended defensive actions
- Identify any systems running WinProladder Version 3.11 Build 14701 and treat them as exposed until validated otherwise.
- Restrict the software to trusted, authenticated server endpoints only; block or tightly control outbound connections from engineering workstations.
- Segment OT/ICS engineering assets from general-purpose networks and internet-reachable services.
- Review the ICS-CERT advisory and NVD record for vendor guidance and compensate with local mitigations if patching is not immediately available.
- Monitor affected hosts for unexpected outbound connection attempts or crashes during server connections.
- If the affected version is no longer required, remove or replace it with a validated alternative after testing in a controlled environment.
Evidence notes
This debrief is based on the official NVD CVE record and the supplied NVD modified feed entry. The corpus states the affected product/version, the stack-based buffer overflow, the malicious-server trigger, the SEH overwrite condition, and the likely RCE outcome. The references list an ICS-CERT advisory, SecurityFocus BID 94938, and an Exploit-DB entry as corroborating third-party sources. No patch status or exploit details are asserted beyond what is present in the supplied corpus.
Official resources
-
CVE-2016-8377 CVE record
CVE.org
-
CVE-2016-8377 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Publicly disclosed on 2017-02-13 per the CVE/NVD record. The NVD record was later modified on 2026-05-13; that later date is source metadata only and not the vulnerability date.