CVE-2021-38436

Name of the Vulnerable Software and Affected Versions FATEK Automation WinProladder versions 3.30 and prior

Description The issue is related to the lack of proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. This could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability is also described as a buffer overflow condition during the syntactic analysis of project files, which could be exploited by a remote attacker using a specially crafted file.

Recommendations For FATEK Automation WinProladder versions 3.30 and prior, update to a version that includes proper validation of user-supplied data when parsing project files to prevent memory-corruption conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.