HIGH🇵🇱 Wersja polska

CVE-2021-38434

CVSS 7.8v3.1pub. 2021-10-18upd. 2024-11-21

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Fatek Winproladder

    APP
    Fatek
    ≤ 3.30
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-32992CRITICAL9.8ten sam produkt

FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of...

CVE-2021-32988CRITICAL9.8ten sam produkt

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allo...

CVE-2021-32990CRITICAL9.8ten sam produkt

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow...

CVE-2021-43554HIGH7.8ten sam produkt

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing pro...

CVE-2021-43556HIGH7.8ten sam produkt

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while process...