Details of VAR-202110-0991

ID

VAR-202110-0991

CVE

CVE-2021-38438

TITLE

FATEK Automation WinProladder Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-83607 // CNNVD: CNNVD-202110-409

DESCRIPTION

A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution. FATEK Automation WinProladder Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDW files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation WinProladder is a PLC of China FATEK Automation company

Trust: 2.88

sources: NVD: CVE-2021-38438 // JVNDB: JVNDB-2021-013906 // ZDI: ZDI-21-1170 // CNVD: CNVD-2021-83607 // VULMON: CVE-2021-38438

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-83607

AFFECTED PRODUCTS

vendor:	fatek	model:	winproladder	scope:	lte	version:	3.30	Trust: 1.0
vendor:	fatek automation	model:	winproladder	scope:	eq	version:	-	Trust: 0.8
vendor:	fatek automation	model:	winproladder	scope:	lte	version:	3.30 and earlier	Trust: 0.8
vendor:	fatek automation	model:	winproladder	scope:	-	version:	-	Trust: 0.7
vendor:	fatek	model:	automation winproladder	scope:	lte	version:	<=3.30	Trust: 0.6

sources: ZDI: ZDI-21-1170 // CNVD: CNVD-2021-83607 // JVNDB: JVNDB-2021-013906 // NVD: CVE-2021-38438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38438
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-38438
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-38438
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-38438
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2021-83607
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202110-409
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-38438
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-38438
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-83607
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-38438
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-013906
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-38438
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-1170 // CNVD: CNVD-2021-83607 // VULMON: CVE-2021-38438 // JVNDB: JVNDB-2021-013906 // CNNVD: CNNVD-202110-409 // NVD: CVE-2021-38438 // NVD: CVE-2021-38438

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013906 // NVD: CVE-2021-38438

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-409

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202110-409

PATCH

title:	Top Page	url:	https://www.fatek.com/en	Trust: 0.8
title:	Fatek Automation has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-280-06	Trust: 0.7
title:	FATEK Automation WinProladder Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165080	Trust: 0.6

sources: ZDI: ZDI-21-1170 // JVNDB: JVNDB-2021-013906 // CNNVD: CNNVD-202110-409

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38438	Trust: 4.6
db:	ICS CERT	id:	ICSA-21-280-06	Trust: 3.1
db:	ZDI	id:	ZDI-21-1170	Trust: 1.4
db:	JVN	id:	JVNVU93626160	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-013906	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-13743	Trust: 0.7
db:	CNVD	id:	CNVD-2021-83607	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3351	Trust: 0.6
db:	CS-HELP	id:	SB2021100805	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-409	Trust: 0.6
db:	VULMON	id:	CVE-2021-38438	Trust: 0.1

sources: ZDI: ZDI-21-1170 // CNVD: CNVD-2021-83607 // VULMON: CVE-2021-38438 // JVNDB: JVNDB-2021-013906 // CNNVD: CNNVD-202110-409 // NVD: CVE-2021-38438

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-280-06	Trust: 3.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38438	Trust: 1.4
url:	http://jvn.jp/vu/jvnvu93626160/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-280-06	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-1170/	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2021.3351	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100805	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-21-1170 // CNVD: CNVD-2021-83607 // VULMON: CVE-2021-38438 // JVNDB: JVNDB-2021-013906 // CNNVD: CNNVD-202110-409 // NVD: CVE-2021-38438

CREDITS

xina1i

Trust: 0.7

sources: ZDI: ZDI-21-1170

SOURCES

db:	ZDI	id:	ZDI-21-1170
db:	CNVD	id:	CNVD-2021-83607
db:	VULMON	id:	CVE-2021-38438
db:	JVNDB	id:	JVNDB-2021-013906
db:	CNNVD	id:	CNNVD-202110-409
db:	NVD	id:	CVE-2021-38438

LAST UPDATE DATE

2024-08-14T13:23:18.896000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-1170	date:	2021-10-14T00:00:00
db:	CNVD	id:	CNVD-2021-83607	date:	2022-01-18T00:00:00
db:	VULMON	id:	CVE-2021-38438	date:	2021-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2021-013906	date:	2022-09-29T07:06:00
db:	CNNVD	id:	CNNVD-202110-409	date:	2021-10-25T00:00:00
db:	NVD	id:	CVE-2021-38438	date:	2021-10-21T20:24:15.880

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-1170	date:	2021-10-14T00:00:00
db:	CNVD	id:	CNVD-2021-83607	date:	2021-10-07T00:00:00
db:	VULMON	id:	CVE-2021-38438	date:	2021-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-013906	date:	2022-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202110-409	date:	2021-10-07T00:00:00
db:	NVD	id:	CVE-2021-38438	date:	2021-10-18T13:15:09.817