CVE-2021-38438

Summary

A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
FATEK AutomationWinProladderAll <= 3.30affected

Weaknesses

  • CWE-416: USE AFTER FREE CWE-416

Workarounds

FATEK Automation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information.

ADP Enrichment

CVE Program Container

Additional References

References