Details of VAR-202103-0510

ID

VAR-202103-0510

CVE

CVE-2021-22638

TITLE

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-255

DESCRIPTION

Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects

Trust: 2.07

sources: NVD: CVE-2021-22638 // ZDI: ZDI-21-255 // CNVD: CNVD-2021-16377

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-16377

AFFECTED PRODUCTS

vendor:	fatek	model:	fvdesigner	scope:	lte	version:	1.5.76	Trust: 1.0
vendor:	fatek automation	model:	fvdesigner	scope:	-	version:	-	Trust: 0.7
vendor:	fatek	model:	fvdesigner	scope:	lte	version:	<=1.5.76	Trust: 0.6

sources: ZDI: ZDI-21-255 // CNVD: CNVD-2021-16377 // NVD: CVE-2021-22638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22638
value:	HIGH
Trust: 1.0
ZDI:	CVE-2021-22638
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2021-16377
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-1647
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-22638
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-16377
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22638
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2021-22638
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-255 // CNVD: CNVD-2021-16377 // CNNVD: CNNVD-202102-1647 // NVD: CVE-2021-22638

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.0

sources: NVD: CVE-2021-22638

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1647

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1647

PATCH

title:

Fatek Automation has issued an update to correct this vulnerability.

url:

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02

Trust: 0.7

sources: ZDI: ZDI-21-255

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22638	Trust: 2.9
db:	ICS CERT	id:	ICSA-21-056-02	Trust: 2.2
db:	ZDI	id:	ZDI-21-255	Trust: 1.3
db:	ZDI_CAN	id:	ZDI-CAN-11802	Trust: 0.7
db:	CNVD	id:	CNVD-2021-16377	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0711	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1647	Trust: 0.6

sources: ZDI: ZDI-21-255 // CNVD: CNVD-2021-16377 // CNNVD: CNNVD-202102-1647 // NVD: CVE-2021-22638

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02	Trust: 2.9
url:	https://www.zerodayinitiative.com/advisories/zdi-21-255/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0711	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22638	Trust: 0.6

sources: ZDI: ZDI-21-255 // CNVD: CNVD-2021-16377 // CNNVD: CNNVD-202102-1647 // NVD: CVE-2021-22638

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-21-255

SOURCES

db:	ZDI	id:	ZDI-21-255
db:	CNVD	id:	CNVD-2021-16377
db:	CNNVD	id:	CNNVD-202102-1647
db:	NVD	id:	CVE-2021-22638

LAST UPDATE DATE

2024-11-23T22:25:10.382000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-255	date:	2021-02-26T00:00:00
db:	CNVD	id:	CNVD-2021-16377	date:	2021-03-22T00:00:00
db:	CNNVD	id:	CNNVD-202102-1647	date:	2021-03-10T00:00:00
db:	NVD	id:	CVE-2021-22638	date:	2024-11-21T05:50:21.830

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-255	date:	2021-02-26T00:00:00
db:	CNVD	id:	CNVD-2021-16377	date:	2021-03-10T00:00:00
db:	CNNVD	id:	CNNVD-202102-1647	date:	2021-02-25T00:00:00
db:	NVD	id:	CVE-2021-22638	date:	2021-03-03T17:15:12.333