Fvdesigner
CVE-2021-32931
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
AnalysisAI
An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-824. An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Affected products include: Fatek Fvdesigner.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Fvdesigner
View allFATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. Rated
The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an a
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow a
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowi
An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processi
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being p
A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application proce
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowin
Same weakness CWE-824 – Access of Uninitialized Pointer
View allShare
External POC / Exploit Code
Leaving vuln.today