CVE-2021-38432
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FATEK Automation | Communication Server | All <= 1.13 | affected |
Weaknesses
- CWE-121: STACK-BASED BUFFER OVERFLOW CWE-121
Workarounds
FATEK Automation has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact FATEK customer support for additional information.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.