CVE-2022-23985: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
First published: Fri Feb 25 2022(Updated: )
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fatek FvDesigner | <=1.5.100 | |
| Fatek Automation FvDesigner | <=1.5.100 | |
Remedy
FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01
- https://www.zerodayinitiative.com/advisories/ZDI-22-434/
- https://www.zerodayinitiative.com/advisories/ZDI-22-433/
- https://www.zerodayinitiative.com/advisories/ZDI-22-437/
- https://www.zerodayinitiative.com/advisories/ZDI-22-438/
- https://www.zerodayinitiative.com/advisories/ZDI-22-440/
- https://www.zerodayinitiative.com/advisories/ZDI-22-432/
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-055-01 (Advisory)
- collector/nvd-index
- agent/type
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/references
- agent/title
- agent/author
- agent/weakness
- agent/description
- agent/remedy
- agent/severity
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-433
- alias/ZDI-CAN-14800
- alias/CVE-2022-23985
- alias/ZDI-22-440
- alias/ZDI-CAN-14854
- alias/ZDI-22-434
- alias/ZDI-CAN-14802
- alias/ZDI-22-432
- alias/ZDI-CAN-14797
- alias/ZDI-22-438
- alias/ZDI-CAN-14855
- alias/ZDI-22-437
- alias/ZDI-CAN-14852
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/fatek
- canonical/fatek fvdesigner
- version/fatek fvdesigner/1.5.100
- vendor/fatek automation
- canonical/fatek automation fvdesigner
- version/fatek automation fvdesigner/1.5.100