CVE-2021-38442

Name of the Vulnerable Software and Affected Versions FATEK Automation WinProladder versions 3.30 and prior

Description The issue is related to the lack of proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition or buffer overflow. This could allow an attacker to execute code in the context of the current process by leveraging the vulnerability with a specially crafted file.

Recommendations For versions 3.30 and prior, consider disabling the project file parsing functionality until a patch is available to prevent potential code execution. Restrict access to the WinProladder software to minimize the risk of exploitation. Avoid using the software to parse untrusted project files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.