ID

VAR-202103-0437


CVE

CVE-2021-22670


TITLE

Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-21-261 // ZDI: ZDI-21-259

DESCRIPTION

An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects.

Trust: 2.7

sources: NVD: CVE-2021-22670 // ZDI: ZDI-21-261 // ZDI: ZDI-21-259 // CNVD: CNVD-2021-16380

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-16380

AFFECTED PRODUCTS

vendor: fatek automation, model: fvdesigner, scope: -, version: -

Trust: 1.4

vendor: fatek, model: fvdesigner, scope: lte, version: 1.5.76

Trust: 1.0

vendor: fatek, model: fvdesigner, scope: lte, version: <=1.5.76

Trust: 0.6

sources: ZDI: ZDI-21-261 // ZDI: ZDI-21-259 // CNVD: CNVD-2021-16380 // NVD: CVE-2021-22670

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-22670
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2021-22670
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-16380
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202102-1654
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-22670
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2021-16380
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2021-22670
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2021-22670
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: ZDI: ZDI-21-261 // ZDI: ZDI-21-259 // CNVD: CNVD-2021-16380 // CNNVD: CNNVD-202102-1654 // NVD: CVE-2021-22670

PROBLEMTYPE DATA

problemtype:CWE-824

Trust: 1.0

sources: NVD: CVE-2021-22670

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1654

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1654

PATCH

title: Fatek Automation has issued an update to correct this vulnerability. url: https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02

Trust: 1.4

sources: ZDI: ZDI-21-261 // ZDI: ZDI-21-259

EXTERNAL IDS

db: NVD, id: CVE-2021-22670

Trust: 3.6

db: ICS CERT, id: ICSA-21-056-02

Trust: 2.2

db: ZDI, id: ZDI-21-261

Trust: 1.3

db: ZDI_CAN, id: ZDI-CAN-12000

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-11998

Trust: 0.7

db: ZDI, id: ZDI-21-259

Trust: 0.7

db: CNVD, id: CNVD-2021-16380

Trust: 0.6

db: AUSCERT, id: ESB-2021.0711

Trust: 0.6

db: CNNVD, id: CNNVD-202102-1654

Trust: 0.6

sources: ZDI: ZDI-21-261 // ZDI: ZDI-21-259 // CNVD: CNVD-2021-16380 // CNNVD: CNNVD-202102-1654 // NVD: CVE-2021-22670

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02

Trust: 3.6

url:https://www.zerodayinitiative.com/advisories/zdi-21-261/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0711

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-22670

Trust: 0.6

sources: ZDI: ZDI-21-261 // ZDI: ZDI-21-259 // CNVD: CNVD-2021-16380 // CNNVD: CNNVD-202102-1654 // NVD: CVE-2021-22670

CREDITS

Francis Provencher {PRL}

Trust: 1.4

sources: ZDI: ZDI-21-261 // ZDI: ZDI-21-259

SOURCES

db: ZDI, id: ZDI-21-261
db: ZDI, id: ZDI-21-259
db: CNVD, id: CNVD-2021-16380
db: CNNVD, id: CNNVD-202102-1654
db: NVD, id: CVE-2021-22670

LAST UPDATE DATE

2024-11-23T22:25:10.290000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-261, date: 2021-02-26T00:00:00
db: ZDI, id: ZDI-21-259, date: 2021-02-26T00:00:00
db: CNVD, id: CNVD-2021-16380, date: 2021-03-22T00:00:00
db: CNNVD, id: CNNVD-202102-1654, date: 2021-03-10T00:00:00
db: NVD, id: CVE-2021-22670, date: 2024-11-21T05:50:26.747

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-261, date: 2021-02-26T00:00:00
db: ZDI, id: ZDI-21-259, date: 2021-02-26T00:00:00
db: CNVD, id: CNVD-2021-16380, date: 2021-03-10T00:00:00
db: CNNVD, id: CNNVD-202102-1654, date: 2021-02-25T00:00:00
db: NVD, id: CVE-2021-22670, date: 2021-03-03T17:15:12.550