CVE-2021-38434
7.8 HIGHFATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which cou...
Published: 2021-10-18 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-194
Affected products
| Vendor | Product |
|---|---|
| fatek | winproladder |
Description
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-38442 — FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which cou... (7.8 HIGH)
- CVE-2021-38440 — FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unautho... (3.3 LOW)
- CVE-2021-38438 — A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malfor... (7.8 HIGH)
- CVE-2021-38436 — FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which cou... (7.8 HIGH)
- CVE-2021-38430 — FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could res... (7.8 HIGH)