ID

VAR-202103-0436


CVE

CVE-2021-22666


TITLE

Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-260

DESCRIPTION

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects.

Trust: 2.07

sources: NVD: CVE-2021-22666 // ZDI: ZDI-21-260 // CNVD: CNVD-2021-16378

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-16378

AFFECTED PRODUCTS

vendor: fatek, model: fvdesigner, scope: lte, version: 1.5.76

Trust: 1.0

vendor: fatek automation, model: fvdesigner, scope: -, version: -

Trust: 0.7

vendor: fatek, model: fvdesigner, scope: lte, version: <=1.5.76

Trust: 0.6

sources: ZDI: ZDI-21-260 // CNVD: CNVD-2021-16378 // NVD: CVE-2021-22666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22666
value: HIGH

Trust: 1.0

ZDI: CVE-2021-22666
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-16378
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202102-1651
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-22666
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2021-16378
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22666
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-22666
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-260 // CNVD: CNVD-2021-16378 // CNNVD: CNNVD-202102-1651 // NVD: CVE-2021-22666

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

sources: NVD: CVE-2021-22666

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1651

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1651

PATCH

title: Fatek Automation has issued an update to correct this vulnerability.
url: https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02

Trust: 0.7

sources: ZDI: ZDI-21-260

EXTERNAL IDS

db: NVD, id: CVE-2021-22666

Trust: 2.9

db: ICS CERT, id: ICSA-21-056-02

Trust: 2.2

db: ZDI, id: ZDI-21-260

Trust: 1.3

db: ZDI_CAN, id: ZDI-CAN-11999

Trust: 0.7

db: CNVD, id: CNVD-2021-16378

Trust: 0.6

db: AUSCERT, id: ESB-2021.0711

Trust: 0.6

db: CNNVD, id: CNNVD-202102-1651

Trust: 0.6

sources: ZDI: ZDI-21-260 // CNVD: CNVD-2021-16378 // CNNVD: CNNVD-202102-1651 // NVD: CVE-2021-22666

REFERENCES

url: https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02

Trust: 2.9

url: https://nvd.nist.gov/vuln/detail/cve-2021-22666

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.0711

Trust: 0.6

url: https://www.zerodayinitiative.com/advisories/zdi-21-260/

Trust: 0.6

sources: ZDI: ZDI-21-260 // CNVD: CNVD-2021-16378 // CNNVD: CNNVD-202102-1651 // NVD: CVE-2021-22666

CREDITS

Francis Provencher {PRL}

Trust: 0.7

sources: ZDI: ZDI-21-260

SOURCES

db: ZDI, id: ZDI-21-260
db: CNVD, id: CNVD-2021-16378
db: CNNVD, id: CNNVD-202102-1651
db: NVD, id: CVE-2021-22666

LAST UPDATE DATE

2024-11-23T22:25:10.263000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-260, date: 2021-02-26T00:00:00
db: CNVD, id: CNVD-2021-16378, date: 2021-03-22T00:00:00
db: CNNVD, id: CNNVD-202102-1651, date: 2021-03-10T00:00:00
db: NVD, id: CVE-2021-22666, date: 2024-11-21T05:50:26.283

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-260, date: 2021-02-26T00:00:00
db: CNVD, id: CNVD-2021-16378, date: 2021-03-10T00:00:00
db: CNNVD, id: CNNVD-202102-1651, date: 2021-02-25T00:00:00
db: NVD, id: CVE-2021-22666, date: 2021-03-03T17:15:12.473