CVE-2021-38426

Name of the Vulnerable Software and Affected Versions FATEK Automation WinProladder versions 3.30 and prior

Description The issue is related to an out-of-bounds write operation in memory during the syntactic analysis of PDW files. This can be exploited by an attacker to execute arbitrary code or cause a denial of service. The vulnerability is due to a lack of proper validation of user-supplied data when parsing project files.

Recommendations For FATEK Automation WinProladder versions 3.30 and prior, consider disabling the project file parsing functionality until a patch is available to prevent exploitation. Restrict access to the PDW file parsing module to minimize the risk of arbitrary code execution. Avoid using user-supplied data in project files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.