CVE-2021-43554: Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
First published: Tue Dec 28 2021(Updated: )
FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FATEK WinProladder | <=3.30_24518 | |
| Fatek Automation WinProladder | ||
| FATEK Automation WinProladder: Versions 3.30_24518 and prior | ||
| <=3.30_24518 |
Remedy
FATEK Automation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://us-cert.cisa.gov/ics/advisories/icsa-21-320-01
- https://www.zerodayinitiative.com/advisories/ZDI-22-028/
- https://www.zerodayinitiative.com/advisories/ZDI-22-030/
- https://www.zerodayinitiative.com/advisories/ZDI-22-033/
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-320-01 (Advisory)
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-320-01
Frequently Asked Questions
What is CVE-2021-43554?
CVE-2021-43554 is a vulnerability in Fatek Automation WinProladder that allows remote attackers to execute arbitrary code on affected installations.
How can this vulnerability be exploited?
This vulnerability can be exploited by remote attackers when the target visits a malicious page or opens a malicious file.
What is the severity of CVE-2021-43554?
The severity of CVE-2021-43554 is high, with a CVSS score of 7.8.
Which versions of Fatek Automation WinProladder are affected by this vulnerability?
Versions up to and including 3.30_24518 of Fatek Automation WinProladder are affected by this vulnerability.
How can I fix CVE-2021-43554?
To fix CVE-2021-43554, users should update Fatek Automation WinProladder to a version that includes a fix for the vulnerability.
- collector/nvd-index
- agent/type
- agent/severity
- agent/title
- agent/weakness
- agent/remedy
- agent/description
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-033
- alias/ZDI-CAN-14634
- alias/CVE-2021-43554
- agent/software-canonical-lookup
- alias/ZDI-22-030
- alias/ZDI-CAN-14225
- alias/ZDI-22-028
- alias/ZDI-CAN-14517
- agent/references
- collector/ics-cert-advisory
- source/ICS
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- agent/trending
- vendor/fatek
- canonical/fatek winproladder
- version/fatek winproladder/3.30_24518
- vendor/fatek automation
- canonical/fatek automation winproladder
- canonical/fatek automation winproladder: versions 3.30_24518 and prior