CVE-2021-38426

Summary

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
FATEK AutomationWinProladderAll <= 3.30affected

Weaknesses

  • CWE-787: OUT-OF-BOUNDS WRITE CWE-787

Workarounds

FATEK Automation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information.

ADP Enrichment

CVE Program Container

Additional References

References