CVE-2021-22662 – Fatek Automation FvDesigner FPJ File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22662
A use-after-free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02
• CWE-416: Use After Free
CVE-2021-22666 – Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22666
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2021-22670 – Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22670
An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02
• CWE-824: Access of Uninitialized Pointer
CVE-2020-16234 – FATEK Automation PLC WinProladder
https://notcve.org/view.php?id=CVE-2020-16234
In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code.
• https://us-cert.cisa.gov/ics/advisories/icsa-20-254-02
• CWE-121: Stack-based Buffer Overflow
CVE-2016-5800
https://notcve.org/view.php?id=CVE-2016-5800
A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.
• https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow