CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23985 – ICSA-22-055-01 FATEK Automation FvDesigner
https://notcve.org/view.php?id=CVE-2022-23985
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. El producto afectado es vulnerable a una escritura fuera de límites mientras procesa archivos de proyecto, lo que permite a un atacante diseñar un archivo de proyecto que permita la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01 https://www.zerodayinitiative.com/advisories/ZDI-22-432 https://www.zerodayinitiative.com/advisories/ZDI-22-433 https://www.zerodayinitiative.com/advisories/ZDI-22-434 https://www.zerodayinitiative.com/advisories/ZDI-22-437 https://www.zerodayinitiative.com/advisories/ZDI-22-438 https://www.zerodayinitiative.com/advisories/ZDI-22-440 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32939 – Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32939
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution. FATEK Automation FvDesigner, Versiones 1.5.88 y anteriores, es vulnerable a una escritura fuera de límites mientras procesa archivos de proyecto, permitiendo a un atacante diseñar un archivo de proyecto que puede permitir una ejecución de código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02 https://www.zerodayinitiative.com/advisories/ZDI-21-1028 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32947 – Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32947
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. FATEK Automation FvDesigner, versiones 1.5.88 y anteriores, es vulnerable a un desbordamiento del búfer en la región stack de la memoria, que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02 https://www.zerodayinitiative.com/advisories/ZDI-21-1029 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32931 – Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32931
An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Un puntero no inicializado en FATEK Automation FvDesigner, Versiones 1.5.88 y anteriores, puede ser explotado mientras la aplicación está procesando archivos de proyecto, permitiendo a un atacante diseñar un archivo de proyecto especial que puede permitir una ejecución de código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02 https://www.zerodayinitiative.com/advisories/ZDI-21-1027 https://www.zerodayinitiative.com/advisories/ZDI-21-1030 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22683 – Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22683
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Fatek FvDesigner versiones 1.5.76 y anteriores, es vulnerable a una escritura fuera de límites mientras procesa archivos de proyecto, lo que permite a un atacante diseñar un archivo de proyecto especial que puede permitir una ejecución de código arbitraria This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02 • CWE-787: Out-of-bounds Write •