Skip to main content

Winproladder CVE-2021-38426

HIGH
Out-of-bounds Write (CWE-787)
2021-10-18 ics-cert@hq.dhs.gov
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 18, 2021 - 13:15 nvd
HIGH 7.8

DescriptionNVD

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.

AnalysisAI

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code. Affected products include: Fatek Winproladder.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2021-32992 CRITICAL
9.8 Jun 29

FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory

CVE-2021-32990 CRITICAL
9.8 Jun 29

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attack

CVE-2021-32988 CRITICAL
9.8 Jun 29

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attac

CVE-2021-43556 HIGH
7.8 Dec 28

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing projec

CVE-2021-43554 HIGH
7.8 Dec 28

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files

CVE-2021-38442 HIGH
7.8 Oct 18

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project

CVE-2021-38438 HIGH
7.8 Oct 18

A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid us

CVE-2021-38436 HIGH
7.8 Oct 18

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project

CVE-2021-38434 HIGH
7.8 Oct 18

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project

CVE-2021-38430 HIGH
7.8 Oct 18

FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files

CVE-2021-27486 HIGH
7.8 Apr 12

FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-b

CVE-2020-16234 HIGH
7.8 Sep 30

In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid us

Share

CVE-2021-38426 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy