CVE-2021-38432

Summary

FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code.

Affected Software

VendorProductVersion RangeStatus
FATEK AutomationCommunication ServerAll <= 1.13affected

Weaknesses

  • CWE-121: STACK-BASED BUFFER OVERFLOW CWE-121

Workarounds

FATEK Automation has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact FATEK customer support for additional information.

ADP Enrichment

CVE Program Container

Additional References

References