56 vulnerabilities found for FvDesigner by FATEK Automation
VAR-201702-0419
Vulnerability from variot - Updated: 2025-04-20 23:13
An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PM Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of a pm3 file. A malformed file can lead to heap memory corruption. A remote attacker can leverage this vulnerability to cause arbitrary code execution in the context of the user. Multiple Fatek Automation products are prone to multiple remote code-execution vulnerabilities because they fail to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "automation pm designer",
"scope": "eq",
"trust": 1.9,
"vendor": "fatek",
"version": "2.1.2.2"
},
{
"_id": null,
"model": "automation fv designer",
"scope": "eq",
"trust": 1.9,
"vendor": "fatek",
"version": "1.2.8.0"
},
{
"_id": null,
"model": "fv designer",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.2.8.0"
},
{
"_id": null,
"model": "pm designer",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "v3 2.1.2.2"
},
{
"_id": null,
"model": "pm designer",
"scope": null,
"trust": 0.7,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 0.7,
"vendor": "fatek automation",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-525"
},
{
"db": "ZDI",
"id": "ZDI-16-634"
},
{
"db": "BID",
"id": "93105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-436"
},
{
"db": "NVD",
"id": "CVE-2016-5798"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fatek:automation_fv_designer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fatek:automation_pm_designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-525"
},
{
"db": "ZDI",
"id": "ZDI-16-634"
}
],
"trust": 1.4
},
"cve": "CVE-2016-5798",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5798",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "ZDI-16-525",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5798",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5798",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5798",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "ZDI-16-525",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2016-5798",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-436",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-525"
},
{
"db": "ZDI",
"id": "ZDI-16-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-436"
},
{
"db": "NVD",
"id": "CVE-2016-5798"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PM Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a pm3 file. A malformed file can lead to heap memory corruption. A remote attacker can leverage this vulnerability to cause arbitrary code execution in the context of the user. Multiple Fatek Automation Products are prone to multiple remote code-execution vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5798"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
},
{
"db": "ZDI",
"id": "ZDI-16-525"
},
{
"db": "ZDI",
"id": "ZDI-16-634"
},
{
"db": "BID",
"id": "93105"
}
],
"trust": 3.15
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-5798",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-06",
"trust": 2.7
},
{
"db": "BID",
"id": "93105",
"trust": 1.9
},
{
"db": "ZDI",
"id": "ZDI-16-525",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3586",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3676",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-634",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201610-436",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-525"
},
{
"db": "ZDI",
"id": "ZDI-16-634"
},
{
"db": "BID",
"id": "93105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-436"
},
{
"db": "NVD",
"id": "CVE-2016-5798"
}
]
},
"id": "VAR-201702-0419",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-04-20T23:13:18.794000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fatek.com/en/"
},
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
},
{
"db": "NVD",
"id": "CVE-2016-5798"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-06"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/93105"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5798"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5798"
},
{
"trust": 0.3,
"url": "http://www.fatek.com/en/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-525/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-634"
},
{
"db": "BID",
"id": "93105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-436"
},
{
"db": "NVD",
"id": "CVE-2016-5798"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-16-525",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-634",
"ident": null
},
{
"db": "BID",
"id": "93105",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007657",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201610-436",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-5798",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-09-21T00:00:00",
"db": "ZDI",
"id": "ZDI-16-525",
"ident": null
},
{
"date": "2016-12-14T00:00:00",
"db": "ZDI",
"id": "ZDI-16-634",
"ident": null
},
{
"date": "2016-09-21T00:00:00",
"db": "BID",
"id": "93105",
"ident": null
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007657",
"ident": null
},
{
"date": "2016-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-436",
"ident": null
},
{
"date": "2017-02-13T21:59:00.267000",
"db": "NVD",
"id": "CVE-2016-5798",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-09-21T00:00:00",
"db": "ZDI",
"id": "ZDI-16-525",
"ident": null
},
{
"date": "2016-12-14T00:00:00",
"db": "ZDI",
"id": "ZDI-16-634",
"ident": null
},
{
"date": "2016-10-26T09:08:00",
"db": "BID",
"id": "93105",
"ident": null
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007657",
"ident": null
},
{
"date": "2016-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-436",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-5798",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-436"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fatek Automation PM Designer V3 and FV Designer Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007657"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-436"
}
],
"trust": 0.6
}
}
VAR-202305-2804
Vulnerability from variot - Updated: 2025-03-25 23:28
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162. FvDesigner from FATEK Automation Corporation contains an uninitialized pointer access vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2804",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-761"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-761"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34263",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34263",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34263",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34263",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34263",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34263",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34263",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-761"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"db": "NVD",
"id": "CVE-2023-34263"
},
{
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162. FATEK Automation Corporation of FvDesigner Exists in an uninitialized pointer access vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34263"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"db": "ZDI",
"id": "ZDI-23-761"
},
{
"db": "VULMON",
"id": "CVE-2023-34263"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34263",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-23-761",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028468",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18162",
"trust": 0.7
},
{
"db": "VULMON",
"id": "CVE-2023-34263",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-761"
},
{
"db": "VULMON",
"id": "CVE-2023-34263"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"id": "VAR-202305-2804",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-25T23:28:31.769000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [ others ]",
"trust": 0.8
},
{
"problemtype": " Accessing uninitialized pointers (CWE-824) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-761/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34263"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-34263"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-761"
},
{
"db": "VULMON",
"id": "CVE-2023-34263"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-761"
},
{
"date": "2025-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"date": "2024-05-03T02:15:24.397000",
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-761"
},
{
"date": "2025-03-24T05:52:00",
"db": "JVNDB",
"id": "JVNDB-2023-028468"
},
{
"date": "2025-03-13T16:42:49.573000",
"db": "NVD",
"id": "CVE-2023-34263"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FATEK\u00a0Automation\u00a0Corporation\u00a0 of \u00a0FvDesigner\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028468"
}
],
"trust": 0.8
}
}
VAR-202305-2800
Vulnerability from variot - Updated: 2025-03-15 23:23
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18172. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2800",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-766"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-766"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34268",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34268",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34268",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34268",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34268",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34268",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34268",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34268",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-766"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"db": "NVD",
"id": "CVE-2023-34268"
},
{
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18172. FATEK Automation Corporation of FvDesigner Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34268"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"db": "ZDI",
"id": "ZDI-23-766"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34268",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-766",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028384",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18172",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-766"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"id": "VAR-202305-2800",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:23:58.259000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-766/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34268"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-766"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-766"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"date": "2024-05-03T02:15:25.277000",
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-766"
},
{
"date": "2025-03-14T01:36:00",
"db": "JVNDB",
"id": "JVNDB-2023-028384"
},
{
"date": "2025-03-13T16:42:12.087000",
"db": "NVD",
"id": "CVE-2023-34268"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FATEK\u00a0Automation\u00a0Corporation\u00a0 of \u00a0FvDesigner\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028384"
}
],
"trust": 0.8
}
}
VAR-202305-2736
Vulnerability from variot - Updated: 2025-03-15 23:22
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182. FvDesigner from FATEK Automation Corporation contains an uninitialized pointer access vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The CVSS v3 vectors recorded for this entry rate the attack vector as local with user interaction required (AV:L/UI:R, base score 7.8), which matches the file-open condition above; FPJ files from untrusted sources should not be opened on affected installations.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2736",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-770"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-770"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34272",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34272",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34272",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34272",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34272",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34272",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34272",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-770"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"db": "NVD",
"id": "CVE-2023-34272"
},
{
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182. FATEK Automation Corporation of FvDesigner Exists in an uninitialized pointer access vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34272"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"db": "ZDI",
"id": "ZDI-23-770"
},
{
"db": "VULMON",
"id": "CVE-2023-34272"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34272",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-23-770",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028389",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18182",
"trust": 0.7
},
{
"db": "VULMON",
"id": "CVE-2023-34272",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-770"
},
{
"db": "VULMON",
"id": "CVE-2023-34272"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"id": "VAR-202305-2736",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:22:44.602000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Accessing uninitialized pointers (CWE-824) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-770/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34272"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-34272"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-770"
},
{
"db": "VULMON",
"id": "CVE-2023-34272"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-770"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"date": "2024-05-03T02:15:25.970000",
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-770"
},
{
"date": "2025-03-14T04:39:00",
"db": "JVNDB",
"id": "JVNDB-2023-028389"
},
{
"date": "2025-03-13T16:41:49.380000",
"db": "NVD",
"id": "CVE-2023-34272"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FATEK\u00a0Automation\u00a0Corporation\u00a0 of \u00a0FvDesigner\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028389"
}
],
"trust": 0.8
}
}
VAR-202305-2771
Vulnerability from variot - Updated: 2025-03-15 23:21
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18176. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The CVSS v3 vectors recorded for this entry rate the attack vector as local with user interaction required (AV:L/UI:R, base score 7.8), which matches the file-open condition above; FPJ files from untrusted sources should not be opened on affected installations.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2771",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-768"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-768"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34270",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34270",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34270",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34270",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34270",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34270",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34270",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-768"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"db": "NVD",
"id": "CVE-2023-34270"
},
{
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18176. FATEK Automation Corporation of FvDesigner Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34270"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"db": "ZDI",
"id": "ZDI-23-768"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34270",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-768",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028381",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18176",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-768"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"id": "VAR-202305-2771",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:21:58.031000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-768/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34270"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-768"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-768"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"date": "2024-05-03T02:15:25.610000",
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-768"
},
{
"date": "2025-03-14T01:25:00",
"db": "JVNDB",
"id": "JVNDB-2023-028381"
},
{
"date": "2025-03-13T16:42:00.357000",
"db": "NVD",
"id": "CVE-2023-34270"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FATEK\u00a0Automation\u00a0Corporation\u00a0 of \u00a0FvDesigner\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028381"
}
],
"trust": 0.8
}
}
VAR-202305-2813
Vulnerability from variot - Updated: 2025-03-15 23:21
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18161. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The CVSS v3 vectors recorded for this entry rate the attack vector as local with user interaction required (AV:L/UI:R, base score 7.8), which matches the file-open condition above; FPJ files from untrusted sources should not be opened on affected installations.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2813",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-760"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-760"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34262",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34262",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34262",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34262",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34262",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34262",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34262",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34262",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-760"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"db": "NVD",
"id": "CVE-2023-34262"
},
{
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18161. FATEK Automation Corporation of FvDesigner Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34262"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"db": "ZDI",
"id": "ZDI-23-760"
},
{
"db": "VULMON",
"id": "CVE-2023-34262"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34262",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-23-760",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028391",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18161",
"trust": 0.7
},
{
"db": "VULMON",
"id": "CVE-2023-34262",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-760"
},
{
"db": "VULMON",
"id": "CVE-2023-34262"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"id": "VAR-202305-2813",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:21:58.007000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-760/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34262"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-34262"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-760"
},
{
"db": "VULMON",
"id": "CVE-2023-34262"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-760"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"date": "2024-05-03T02:15:24.190000",
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-760"
},
{
"date": "2025-03-14T04:39:00",
"db": "JVNDB",
"id": "JVNDB-2023-028391"
},
{
"date": "2025-03-13T16:43:01.553000",
"db": "NVD",
"id": "CVE-2023-34262"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner of FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028391"
}
],
"trust": 0.8
}
}
VAR-202305-2835
Vulnerability from variot - Updated: 2025-03-15 23:21
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The CVSS v3 vectors in this record accordingly score it as a local attack vector with user interaction required (AV:L, UI:R).
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18173. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2835",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-767"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-767"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34269",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34269",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34269",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34269",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34269",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34269",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34269",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34269",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-767"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"db": "NVD",
"id": "CVE-2023-34269"
},
{
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18173. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34269"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"db": "ZDI",
"id": "ZDI-23-767"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34269",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-767",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028380",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18173",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-767"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"id": "VAR-202305-2835",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:21:57.986000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-767/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34269"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-767"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-767"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"date": "2024-05-03T02:15:25.440000",
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-767"
},
{
"date": "2025-03-14T01:25:00",
"db": "JVNDB",
"id": "JVNDB-2023-028380"
},
{
"date": "2025-03-13T16:42:04.017000",
"db": "NVD",
"id": "CVE-2023-34269"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner of FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028380"
}
],
"trust": 0.8
}
}
VAR-202305-2757
Vulnerability from variot - Updated: 2025-03-15 23:19
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The CVSS v3 vectors in this record accordingly score it as a local attack vector with user interaction required (AV:L, UI:R).
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18178. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2757",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-769"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-769"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34271",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34271",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34271",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34271",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34271",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34271",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34271",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34271",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-769"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"db": "NVD",
"id": "CVE-2023-34271"
},
{
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18178. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34271"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"db": "ZDI",
"id": "ZDI-23-769"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34271",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-769",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028383",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18178",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-769"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"id": "VAR-202305-2757",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:19:51.328000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-769/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34271"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-769"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-769"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"date": "2024-05-03T02:15:25.797000",
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-769"
},
{
"date": "2025-03-14T01:36:00",
"db": "JVNDB",
"id": "JVNDB-2023-028383"
},
{
"date": "2025-03-13T16:41:56.017000",
"db": "NVD",
"id": "CVE-2023-34271"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner of FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028383"
}
],
"trust": 0.8
}
}
VAR-202305-2820
Vulnerability from variot - Updated: 2025-03-15 23:17
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The CVSS v3 vectors in this record accordingly score it as a local attack vector with user interaction required (AV:L, UI:R).
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18183. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2820",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-771"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-771"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34273",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34273",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-771"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"db": "NVD",
"id": "CVE-2023-34273"
},
{
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18183. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34273"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"db": "ZDI",
"id": "ZDI-23-771"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34273",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-771",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028387",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18183",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-771"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"id": "VAR-202305-2820",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:17:14.634000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-771/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-771"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-771"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"date": "2024-05-03T02:15:26.140000",
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-771"
},
{
"date": "2025-03-14T02:40:00",
"db": "JVNDB",
"id": "JVNDB-2023-028387"
},
{
"date": "2025-03-13T16:41:45.497000",
"db": "NVD",
"id": "CVE-2023-34273"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner from FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028387"
}
],
"trust": 0.8
}
}
VAR-202305-2782
Vulnerability from variot - Updated: 2025-03-15 23:14
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18166. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The CVSS v3 vectors in the record below rate the attack vector as LOCAL with user interaction REQUIRED (base score 7.8, HIGH), consistent with exploitation depending on the target opening a malicious file or page.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-763"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34265",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34265",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34265",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34265",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34265",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34265",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34265",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"db": "NVD",
"id": "CVE-2023-34265"
},
{
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18166. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34265"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"db": "ZDI",
"id": "ZDI-23-763"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34265",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-763",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028388",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18166",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"id": "VAR-202305-2782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:14:50.032000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-763/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34265"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-763"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"date": "2024-05-03T02:15:24.777000",
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-763"
},
{
"date": "2025-03-14T02:40:00",
"db": "JVNDB",
"id": "JVNDB-2023-028388"
},
{
"date": "2025-03-13T16:42:37.477000",
"db": "NVD",
"id": "CVE-2023-34265"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner from FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028388"
}
],
"trust": 0.8
}
}
VAR-202305-2834
Vulnerability from variot - Updated: 2025-03-15 23:07
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18168. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The CVSS v3 vectors in the record below rate the attack vector as LOCAL with user interaction REQUIRED (base score 7.8, HIGH), consistent with exploitation depending on the target opening a malicious file or page.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2834",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-764"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-764"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34266",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34266",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34266",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34266",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34266",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34266",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34266",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-764"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"db": "NVD",
"id": "CVE-2023-34266"
},
{
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18168. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34266"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"db": "ZDI",
"id": "ZDI-23-764"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34266",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-764",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028385",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18168",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-764"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"id": "VAR-202305-2834",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:07:50.055000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-764/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34266"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-764"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-764"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"date": "2024-05-03T02:15:24.940000",
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-764"
},
{
"date": "2025-03-14T01:36:00",
"db": "JVNDB",
"id": "JVNDB-2023-028385"
},
{
"date": "2025-03-13T16:42:32.713000",
"db": "NVD",
"id": "CVE-2023-34266"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner from FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028385"
}
],
"trust": 0.8
}
}
VAR-202305-2747
Vulnerability from variot - Updated: 2025-03-15 23:04
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18164. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The CVSS v3 vectors in the record below rate the attack vector as LOCAL with user interaction REQUIRED (base score 7.8, HIGH), consistent with exploitation depending on the target opening a malicious file or page.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2747",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-762"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-762"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34264",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34264",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34264",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34264",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34264",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34264",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34264",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-762"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"db": "NVD",
"id": "CVE-2023-34264"
},
{
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18164. FvDesigner from FATEK Automation Corporation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34264"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"db": "ZDI",
"id": "ZDI-23-762"
},
{
"db": "VULMON",
"id": "CVE-2023-34264"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34264",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-23-762",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028390",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18164",
"trust": 0.7
},
{
"db": "VULMON",
"id": "CVE-2023-34264",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-762"
},
{
"db": "VULMON",
"id": "CVE-2023-34264"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"id": "VAR-202305-2747",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:04:27.677000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-762/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34264"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-34264"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-762"
},
{
"db": "VULMON",
"id": "CVE-2023-34264"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-762"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"date": "2024-05-03T02:15:24.617000",
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-762"
},
{
"date": "2025-03-14T04:39:00",
"db": "JVNDB",
"id": "JVNDB-2023-028390"
},
{
"date": "2025-03-13T16:42:43.153000",
"db": "NVD",
"id": "CVE-2023-34264"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner from FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028390"
}
],
"trust": 0.8
}
}
VAR-202305-2758
Vulnerability from variot - Updated: 2025-03-15 23:00
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18170. An out-of-bounds write vulnerability exists in FvDesigner from FATEK Automation Corporation. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Note that the CVSS v3 vectors recorded for this entry are AV:L with UI:R, so exploitation depends on a user opening a malicious file.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2758",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 1.5,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 1.0,
"vendor": "fatek",
"version": "1.6.24"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.6.24"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-765"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-765"
}
],
"trust": 0.7
},
"cve": "CVE-2023-34267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34267",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34267",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-34267",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-34267",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34267",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34267",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-34267",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-765"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"db": "NVD",
"id": "CVE-2023-34267"
},
{
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18170. An out-of-bounds write vulnerability exists in FvDesigner from FATEK Automation Corporation. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34267"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"db": "ZDI",
"id": "ZDI-23-765"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34267",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-23-765",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028379",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18170",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-765"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"id": "VAR-202305-2758",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2025-03-15T23:00:14.535000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-765/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34267"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-765"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-765"
},
{
"date": "2025-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"date": "2024-05-03T02:15:25.107000",
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-23-765"
},
{
"date": "2025-03-14T01:25:00",
"db": "JVNDB",
"id": "JVNDB-2023-028379"
},
{
"date": "2025-03-13T16:42:24.880000",
"db": "NVD",
"id": "CVE-2023-34267"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in FvDesigner from FATEK Automation Corporation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028379"
}
],
"trust": 0.8
}
}
VAR-202202-0218
Vulnerability from variot - Updated: 2024-11-23 22:44
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK.
A buffer error vulnerability exists in FATEK Automation FvDesigner.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 2.1,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.100"
},
{
"model": "fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.100"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"db": "CNVD",
"id": "CNVD-2022-21227"
},
{
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xina1i",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
}
],
"trust": 1.4
},
"cve": "CVE-2022-21209",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-21209",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-21227",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-21209",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-21209",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2022-21209",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-21209",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-21209",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-21227",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1932",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"db": "CNVD",
"id": "CNVD-2022-21227"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1932"
},
{
"db": "NVD",
"id": "CVE-2022-21209"
},
{
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK. \n\r\n\r\nA buffer error vulnerability exists in FATEK Automation FvDesigner",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21209"
},
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"db": "CNVD",
"id": "CNVD-2022-21227"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21209",
"trust": 4.3
},
{
"db": "ZDI",
"id": "ZDI-22-439",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-22-436",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-22-435",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-22-055-01",
"trust": 1.6
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14858",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14853",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14591",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-21227",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0823",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1932",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"db": "CNVD",
"id": "CNVD-2022-21227"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1932"
},
{
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"id": "VAR-202202-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-21227"
}
],
"trust": 1.1535714000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-21227"
}
]
},
"last_update_date": "2024-11-23T22:44:05.289000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"db": "ZDI",
"id": "ZDI-22-435"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-439/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-435/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-436/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21209"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-21209/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0823"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022513"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"db": "CNVD",
"id": "CNVD-2022-21227"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1932"
},
{
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"db": "CNVD",
"id": "CNVD-2022-21227"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1932"
},
{
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"date": "2022-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-21227"
},
{
"date": "2022-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1932"
},
{
"date": "2022-02-25T19:15:22.200000",
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-436"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-435"
},
{
"date": "2022-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-21227"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1932"
},
{
"date": "2024-11-21T06:44:07.247000",
"db": "NVD",
"id": "CVE-2022-21209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1932"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-439"
},
{
"db": "ZDI",
"id": "ZDI-22-436"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1932"
}
],
"trust": 0.6
}
}
VAR-202202-0216
Vulnerability from variot - Updated: 2024-11-23 22:44
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 4.2,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.100"
},
{
"model": "fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.100"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"db": "CNVD",
"id": "CNVD-2022-21228"
},
{
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xina1i",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
}
],
"trust": 4.2
},
"cve": "CVE-2022-23985",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-23985",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-21228",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-23985",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 4.2,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-23985",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2022-23985",
"trust": 4.2,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23985",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-23985",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-21228",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1934",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"db": "CNVD",
"id": "CNVD-2022-21228"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1934"
},
{
"db": "NVD",
"id": "CVE-2022-23985"
},
{
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23985"
},
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"db": "CNVD",
"id": "CNVD-2022-21228"
}
],
"trust": 5.22
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23985",
"trust": 6.4
},
{
"db": "ZDI",
"id": "ZDI-22-440",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-22-438",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-22-437",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-22-434",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-22-433",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-22-432",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-22-055-01",
"trust": 1.6
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14854",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14855",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14852",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14802",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14800",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14797",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-21228",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0823",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1934",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"db": "CNVD",
"id": "CNVD-2022-21228"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1934"
},
{
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"id": "VAR-202202-0216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-21228"
}
],
"trust": 1.1535714000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-21228"
}
]
},
"last_update_date": "2024-11-23T22:44:05.236000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 4.2,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-438/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-432/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-440/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-437/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-433/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-434/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23985"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-23985/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0823"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022513"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"db": "CNVD",
"id": "CNVD-2022-21228"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1934"
},
{
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"db": "CNVD",
"id": "CNVD-2022-21228"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1934"
},
{
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"date": "2022-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-21228"
},
{
"date": "2022-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1934"
},
{
"date": "2022-02-25T19:15:25.157000",
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-432"
},
{
"date": "2022-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-21228"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1934"
},
{
"date": "2024-11-21T06:49:36.033000",
"db": "NVD",
"id": "CVE-2022-23985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1934"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-440"
},
{
"db": "ZDI",
"id": "ZDI-22-438"
},
{
"db": "ZDI",
"id": "ZDI-22-437"
},
{
"db": "ZDI",
"id": "ZDI-22-434"
},
{
"db": "ZDI",
"id": "ZDI-22-433"
},
{
"db": "ZDI",
"id": "ZDI-22-432"
}
],
"trust": 4.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1934"
}
],
"trust": 0.6
}
}
VAR-202103-0510
Vulnerability from variot - Updated: 2024-11-23 22:25
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (The CVSS v3 vector in this record is AV:L/UI:R: the crafted file can be delivered remotely, but code runs only when a user opens it.) The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects.
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.76"
},
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 0.7,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.76"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-255"
},
{
"db": "CNVD",
"id": "CNVD-2021-16377"
},
{
"db": "NVD",
"id": "CVE-2021-22638"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-255"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22638",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22638",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16377",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22638",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2021-22638",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-16377",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1647",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-255"
},
{
"db": "CNVD",
"id": "CNVD-2021-16377"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1647"
},
{
"db": "NVD",
"id": "CVE-2021-22638"
}
]
},
"description": {
"_id": null,
"data": "Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22638"
},
{
"db": "ZDI",
"id": "ZDI-21-255"
},
{
"db": "CNVD",
"id": "CNVD-2021-16377"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22638",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-056-02",
"trust": 2.2
},
{
"db": "ZDI",
"id": "ZDI-21-255",
"trust": 1.3
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11802",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-16377",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0711",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1647",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-255"
},
{
"db": "CNVD",
"id": "CNVD-2021-16377"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1647"
},
{
"db": "NVD",
"id": "CVE-2021-22638"
}
]
},
"id": "VAR-202103-0510",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16377"
}
],
"trust": 1.1535714000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16377"
}
]
},
"last_update_date": "2024-11-23T22:25:10.382000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-255"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22638"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-255/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0711"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22638"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-255"
},
{
"db": "CNVD",
"id": "CNVD-2021-16377"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1647"
},
{
"db": "NVD",
"id": "CVE-2021-22638"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-255",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-16377",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1647",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22638",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-255",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16377",
"ident": null
},
{
"date": "2021-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1647",
"ident": null
},
{
"date": "2021-03-03T17:15:12.333000",
"db": "NVD",
"id": "CVE-2021-22638",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-255",
"ident": null
},
{
"date": "2021-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16377",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1647",
"ident": null
},
{
"date": "2024-11-21T05:50:21.830000",
"db": "NVD",
"id": "CVE-2021-22638",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1647"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-255"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1647"
}
],
"trust": 0.6
}
}
VAR-202103-0434
Vulnerability from variot - Updated: 2024-11-23 22:25
A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (The CVSS v3 vector in this record is AV:L/UI:R: the crafted file can be delivered remotely, but code runs only when a user opens it.) The specific flaw exists within the parsing of FPJ files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects.
Fatek FvDesigner 1.5.76 and earlier versions have a use-after-free vulnerability in the way they handle project files.
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 2.1,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.76"
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.76"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
},
{
"db": "CNVD",
"id": "CNVD-2021-16379"
},
{
"db": "NVD",
"id": "CVE-2021-22662"
}
]
},
"credits": {
"_id": null,
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
}
],
"trust": 2.1
},
"cve": "CVE-2021-22662",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22662",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16379",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22662",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22662",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2021-22662",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22662",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-16379",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1649",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
},
{
"db": "CNVD",
"id": "CNVD-2021-16379"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1649"
},
{
"db": "NVD",
"id": "CVE-2021-22662"
}
]
},
"description": {
"_id": null,
"data": "A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects. \n\r\n\r\nThe way Fatek FvDesigner 1.5.76 and earlier versions handle project files has a reuse vulnerability after release",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22662"
},
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
},
{
"db": "CNVD",
"id": "CNVD-2021-16379"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22662",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-056-02",
"trust": 2.2
},
{
"db": "ZDI",
"id": "ZDI-21-258",
"trust": 1.3
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11997",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11996",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-257",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11995",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-256",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-16379",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0711",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1649",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
},
{
"db": "CNVD",
"id": "CNVD-2021-16379"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1649"
},
{
"db": "NVD",
"id": "CVE-2021-22662"
}
]
},
"id": "VAR-202103-0434",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16379"
}
],
"trust": 1.1535714000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16379"
}
]
},
"last_update_date": "2024-11-23T22:25:10.347000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22662"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-258/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22662"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0711"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
},
{
"db": "CNVD",
"id": "CNVD-2021-16379"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1649"
},
{
"db": "NVD",
"id": "CVE-2021-22662"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-258",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-257",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-256",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-16379",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1649",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22662",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-258",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-257",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-256",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16379",
"ident": null
},
{
"date": "2021-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1649",
"ident": null
},
{
"date": "2021-03-03T17:15:12.427000",
"db": "NVD",
"id": "CVE-2021-22662",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-258",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-257",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-256",
"ident": null
},
{
"date": "2021-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16379",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1649",
"ident": null
},
{
"date": "2024-11-21T05:50:25.753000",
"db": "NVD",
"id": "CVE-2021-22662",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1649"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fatek Automation FvDesigner FPJ File Parsing Use-After-Free Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-258"
},
{
"db": "ZDI",
"id": "ZDI-21-257"
},
{
"db": "ZDI",
"id": "ZDI-21-256"
}
],
"trust": 2.1
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1649"
}
],
"trust": 0.6
}
}
VAR-202103-0439
Vulnerability from variot - Updated: 2024-11-23 22:25
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (The CVSS v3 vector in this record is AV:L/UI:R: the crafted file can be delivered remotely, but code runs only when a user opens it.) The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects.
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.76"
},
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 0.7,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.76"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-254"
},
{
"db": "CNVD",
"id": "CNVD-2021-16376"
},
{
"db": "NVD",
"id": "CVE-2021-22683"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-254"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22683",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22683",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16376",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22683",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22683",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22683",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2021-22683",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-16376",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1657",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-254"
},
{
"db": "CNVD",
"id": "CNVD-2021-16376"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1657"
},
{
"db": "NVD",
"id": "CVE-2021-22683"
}
]
},
"description": {
"_id": null,
"data": "Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22683"
},
{
"db": "ZDI",
"id": "ZDI-21-254"
},
{
"db": "CNVD",
"id": "CNVD-2021-16376"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22683",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-056-02",
"trust": 2.2
},
{
"db": "ZDI",
"id": "ZDI-21-254",
"trust": 1.3
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11704",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-16376",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0711",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1657",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-254"
},
{
"db": "CNVD",
"id": "CNVD-2021-16376"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1657"
},
{
"db": "NVD",
"id": "CVE-2021-22683"
}
]
},
"id": "VAR-202103-0439",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16376"
}
],
"trust": 1.1535714000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16376"
}
]
},
"last_update_date": "2024-11-23T22:25:10.320000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-254"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22683"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-254/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0711"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22683"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-254"
},
{
"db": "CNVD",
"id": "CNVD-2021-16376"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1657"
},
{
"db": "NVD",
"id": "CVE-2021-22683"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-254",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-16376",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1657",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22683",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-254",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16376",
"ident": null
},
{
"date": "2021-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1657",
"ident": null
},
{
"date": "2021-03-03T17:15:12.690000",
"db": "NVD",
"id": "CVE-2021-22683",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-254",
"ident": null
},
{
"date": "2021-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16376",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1657",
"ident": null
},
{
"date": "2024-11-21T05:50:28.360000",
"db": "NVD",
"id": "CVE-2021-22683",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1657"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-254"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1657"
}
],
"trust": 0.6
}
}
VAR-202103-0437
Vulnerability from variot - Updated: 2024-11-23 22:25
An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 1.4,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.76"
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.76"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
},
{
"db": "CNVD",
"id": "CNVD-2021-16380"
},
{
"db": "NVD",
"id": "CVE-2021-22670"
}
]
},
"credits": {
"_id": null,
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
}
],
"trust": 1.4
},
"cve": "CVE-2021-22670",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22670",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16380",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22670",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22670",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2021-22670",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22670",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-16380",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1654",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
},
{
"db": "CNVD",
"id": "CNVD-2021-16380"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1654"
},
{
"db": "NVD",
"id": "CVE-2021-22670"
}
]
},
"description": {
"_id": null,
"data": "An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22670"
},
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
},
{
"db": "CNVD",
"id": "CNVD-2021-16380"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22670",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-056-02",
"trust": 2.2
},
{
"db": "ZDI",
"id": "ZDI-21-261",
"trust": 1.3
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12000",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11998",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-259",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-16380",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0711",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1654",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
},
{
"db": "CNVD",
"id": "CNVD-2021-16380"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1654"
},
{
"db": "NVD",
"id": "CVE-2021-22670"
}
]
},
"id": "VAR-202103-0437",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16380"
}
],
"trust": 1.1535714000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16380"
}
]
},
"last_update_date": "2024-11-23T22:25:10.290000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22670"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-261/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0711"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22670"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
},
{
"db": "CNVD",
"id": "CNVD-2021-16380"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1654"
},
{
"db": "NVD",
"id": "CVE-2021-22670"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-261",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-259",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-16380",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1654",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22670",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-261",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-259",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16380",
"ident": null
},
{
"date": "2021-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1654",
"ident": null
},
{
"date": "2021-03-03T17:15:12.550000",
"db": "NVD",
"id": "CVE-2021-22670",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-261",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-259",
"ident": null
},
{
"date": "2021-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16380",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1654",
"ident": null
},
{
"date": "2024-11-21T05:50:26.747000",
"db": "NVD",
"id": "CVE-2021-22670",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1654"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-261"
},
{
"db": "ZDI",
"id": "ZDI-21-259"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1654"
}
],
"trust": 0.6
}
}
VAR-202103-0436
Vulnerability from variot - Updated: 2024-11-23 22:25
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.76"
},
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 0.7,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.76"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-260"
},
{
"db": "CNVD",
"id": "CNVD-2021-16378"
},
{
"db": "NVD",
"id": "CVE-2021-22666"
}
]
},
"credits": {
"_id": null,
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-260"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22666",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22666",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16378",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22666",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22666",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22666",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2021-22666",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-16378",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1651",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-260"
},
{
"db": "CNVD",
"id": "CNVD-2021-16378"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1651"
},
{
"db": "NVD",
"id": "CVE-2021-22666"
}
]
},
"description": {
"_id": null,
"data": "Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fatek FvDesigner is a software tool for designing and developing FATEK FV HMI series product projects",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22666"
},
{
"db": "ZDI",
"id": "ZDI-21-260"
},
{
"db": "CNVD",
"id": "CNVD-2021-16378"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22666",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-056-02",
"trust": 2.2
},
{
"db": "ZDI",
"id": "ZDI-21-260",
"trust": 1.3
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11999",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-16378",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0711",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1651",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-260"
},
{
"db": "CNVD",
"id": "CNVD-2021-16378"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1651"
},
{
"db": "NVD",
"id": "CVE-2021-22666"
}
]
},
"id": "VAR-202103-0436",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16378"
}
],
"trust": 1.1535714000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16378"
}
]
},
"last_update_date": "2024-11-23T22:25:10.263000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-260"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22666"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22666"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0711"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-260/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-260"
},
{
"db": "CNVD",
"id": "CNVD-2021-16378"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1651"
},
{
"db": "NVD",
"id": "CVE-2021-22666"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-260",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-16378",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1651",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22666",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-260",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16378",
"ident": null
},
{
"date": "2021-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1651",
"ident": null
},
{
"date": "2021-03-03T17:15:12.473000",
"db": "NVD",
"id": "CVE-2021-22666",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-260",
"ident": null
},
{
"date": "2021-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16378",
"ident": null
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1651",
"ident": null
},
{
"date": "2024-11-21T05:50:26.283000",
"db": "NVD",
"id": "CVE-2021-22666",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1651"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-260"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1651"
}
],
"trust": 0.6
}
}
VAR-202208-1938
Vulnerability from variot - Updated: 2024-08-14 14:43
FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. FvDesigner, provided by FATEK Automation, contains the following vulnerability: out-of-bounds write (CWE-787) - CVE-2022-2866. If the vulnerability is exploited, the impact may be as follows. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvdesigner",
"scope": null,
"trust": 5.6,
"vendor": "fatek automation",
"version": null
},
{
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.103"
},
{
"model": "fvdesigner",
"scope": "lte",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.5.103 and earlier s"
},
{
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
}
],
"trust": 5.6
},
"cve": "CVE-2022-2866",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 5.6,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2866",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2022-2866",
"trust": 5.6,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2866",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2866",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2866",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4054",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4054"
},
{
"db": "NVD",
"id": "CVE-2022-2866"
},
{
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. FATEK Automation Provided by the company FvDesigner The following vulnerabilities exist in. It was * Out-of-bounds writing (CWE-787) - CVE-2022-2866If the vulnerability is exploited, it may be affected as follows. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"db": "VULMON",
"id": "CVE-2022-2866"
}
],
"trust": 6.75
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2866",
"trust": 8.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-237-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU99486681",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16362",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1174",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16361",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1173",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16360",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1172",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16358",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1171",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16304",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1170",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16296",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1169",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16271",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1168",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16270",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1167",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4246",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4054",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2866",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"db": "VULMON",
"id": "CVE-2022-2866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4054"
},
{
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"id": "VAR-202208-1938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5535714
},
"last_update_date": "2024-08-14T14:43:47.935000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 5.6,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-237-01"
},
{
"title": "Contact\u00a0Us",
"trust": 0.8,
"url": "https://www.fatek.com/en/contact_us.php"
},
{
"title": "FATEK FvDesigner Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205597"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-237-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99486681/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2866"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-237-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4246"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2866/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"db": "VULMON",
"id": "CVE-2022-2866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4054"
},
{
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"db": "VULMON",
"id": "CVE-2022-2866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4054"
},
{
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"date": "2022-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"date": "2022-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4054"
},
{
"date": "2022-08-31T16:15:11.517000",
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"date": "2022-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1167"
},
{
"date": "2024-06-13T07:40:00",
"db": "JVNDB",
"id": "JVNDB-2022-002343"
},
{
"date": "2022-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4054"
},
{
"date": "2022-09-02T22:02:57.273000",
"db": "NVD",
"id": "CVE-2022-2866"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4054"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1174"
},
{
"db": "ZDI",
"id": "ZDI-22-1173"
},
{
"db": "ZDI",
"id": "ZDI-22-1172"
},
{
"db": "ZDI",
"id": "ZDI-22-1171"
},
{
"db": "ZDI",
"id": "ZDI-22-1170"
},
{
"db": "ZDI",
"id": "ZDI-22-1169"
},
{
"db": "ZDI",
"id": "ZDI-22-1168"
},
{
"db": "ZDI",
"id": "ZDI-22-1167"
}
],
"trust": 5.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4054"
}
],
"trust": 0.6
}
}
VAR-202108-0790
Vulnerability from variot - Updated: 2024-08-14 12:55

FATEK Automation FvDesigner, versions 1.5.88 and prior, is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution. FvDesigner, provided by FATEK Automation, is a software tool used to design and develop projects for the FATEK FVHMI product series. The following multiple vulnerabilities exist in FvDesigner: * Uninitialized pointer access (CWE-824) - CVE-2021-32931; * Stack-based buffer overflow (CWE-121) - CVE-2021-32947; * Out-of-bounds write (CWE-787) - CVE-2021-32939. The expected impact depends on each vulnerability, but the following effects are possible. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK.
FATEK Automation FvDesigner 1.5.88 and earlier versions have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.88"
},
{
"_id": null,
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.5.88 and earlier"
},
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 0.7,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "automation fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.88"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1028"
},
{
"db": "CNVD",
"id": "CNVD-2021-70165"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "NVD",
"id": "CVE-2021-32939"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-460"
}
],
"trust": 1.3
},
"cve": "CVE-2021-32939",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-32939",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-70165",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-32939",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002266",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-32939",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-32939",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002266",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-32939",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-70165",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-460",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32939",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1028"
},
{
"db": "CNVD",
"id": "CNVD-2021-70165"
},
{
"db": "VULMON",
"id": "CVE-2021-32939"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-460"
},
{
"db": "NVD",
"id": "CVE-2021-32939"
}
]
},
"description": {
"_id": null,
"data": "FATEK Automation FvDesigner, versions 1.5.88 and prior, is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution. FvDesigner, provided by FATEK Automation, is a software tool used to design and develop projects for the FATEK FVHMI product series. The following multiple vulnerabilities exist in FvDesigner: * Uninitialized pointer access (CWE-824) - CVE-2021-32931; * Stack-based buffer overflow (CWE-121) - CVE-2021-32947; * Out-of-bounds write (CWE-787) - CVE-2021-32939. The expected impact depends on each vulnerability, but the following effects are possible. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK. \n\r\n\r\nFATEK Automation FvDesigner 1.5.88 and earlier versions have security vulnerabilities. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32939"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "ZDI",
"id": "ZDI-21-1028"
},
{
"db": "CNVD",
"id": "CNVD-2021-70165"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-32939"
}
],
"trust": 3.42
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-32939",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-02",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-21-1028",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU99370832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13392",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-70165",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2660",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080604",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-460",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32939",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1028"
},
{
"db": "CNVD",
"id": "CNVD-2021-70165"
},
{
"db": "VULMON",
"id": "CVE-2021-32939"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-460"
},
{
"db": "NVD",
"id": "CVE-2021-32939"
}
]
},
"id": "VAR-202108-0790",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70165"
}
],
"trust": 1.3767857000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70165"
}
]
},
"last_update_date": "2024-08-14T12:55:03.205000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Contact\u00a0Us",
"trust": 0.8,
"url": "https://www.fatek.com/en/contact_us.php"
},
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1028"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Accessing uninitialized pointers (CWE-824) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "NVD",
"id": "CVE-2021-32939"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02"
},
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-1028/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32939"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99370832"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2660"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1028"
},
{
"db": "CNVD",
"id": "CNVD-2021-70165"
},
{
"db": "VULMON",
"id": "CVE-2021-32939"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-460"
},
{
"db": "NVD",
"id": "CVE-2021-32939"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-1028",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-70165",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-32939",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202108-460",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-32939",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1028",
"ident": null
},
{
"date": "2021-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70165",
"ident": null
},
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32939",
"ident": null
},
{
"date": "2021-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-460",
"ident": null
},
{
"date": "2021-08-11T13:15:16.243000",
"db": "NVD",
"id": "CVE-2021-32939",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1028",
"ident": null
},
{
"date": "2021-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70165",
"ident": null
},
{
"date": "2021-08-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32939",
"ident": null
},
{
"date": "2021-08-10T07:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-460",
"ident": null
},
{
"date": "2021-09-21T18:16:41.780000",
"db": "NVD",
"id": "CVE-2021-32939",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-460"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Multiple vulnerabilities in FvDesigner made by FATEK Automation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202108-0792
Vulnerability from variot - Updated: 2024-08-14 12:51

FATEK Automation FvDesigner, versions 1.5.88 and prior, is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. FvDesigner, provided by FATEK Automation, is a software tool used to design and develop projects for the FATEK FVHMI product series. The following multiple vulnerabilities exist in FvDesigner: * Uninitialized pointer access (CWE-824) - CVE-2021-32931; * Stack-based buffer overflow (CWE-121) - CVE-2021-32947; * Out-of-bounds write (CWE-787) - CVE-2021-32939. The expected impact depends on each vulnerability, but the following effects are possible: * Arbitrary code execution by processing project files crafted by a third party - CVE-2021-32931, CVE-2021-32939; * Arbitrary code execution by a third party - CVE-2021-32947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.88"
},
{
"_id": null,
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.5.88 and earlier"
},
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 0.7,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "automation fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.88"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1029"
},
{
"db": "CNVD",
"id": "CNVD-2021-70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "NVD",
"id": "CVE-2021-32947"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1029"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-479"
}
],
"trust": 1.3
},
"cve": "CVE-2021-32947",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-32947",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-70166",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-32947",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002266",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-32947",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-32947",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002266",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-32947",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-70166",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-479",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32947",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1029"
},
{
"db": "CNVD",
"id": "CNVD-2021-70166"
},
{
"db": "VULMON",
"id": "CVE-2021-32947"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-479"
},
{
"db": "NVD",
"id": "CVE-2021-32947"
}
]
},
"description": {
"_id": null,
"data": "FATEK Automation FvDesigner, versions 1.5.88 and prior, is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. FvDesigner, provided by FATEK Automation, is a software tool used to design and develop projects for the FATEK FVHMI product series. The following multiple vulnerabilities exist in FvDesigner: * Uninitialized pointer access (CWE-824) - CVE-2021-32931; * Stack-based buffer overflow (CWE-121) - CVE-2021-32947; * Out-of-bounds write (CWE-787) - CVE-2021-32939. The expected impact depends on each vulnerability, but the following effects are possible: * Arbitrary code execution by processing project files crafted by a third party - CVE-2021-32931, CVE-2021-32939; * Arbitrary code execution by a third party - CVE-2021-32947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32947"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "ZDI",
"id": "ZDI-21-1029"
},
{
"db": "CNVD",
"id": "CNVD-2021-70166"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-32947"
}
],
"trust": 3.42
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-32947",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-02",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-21-1029",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU99370832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13398",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-70166",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2660",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080604",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-479",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32947",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1029"
},
{
"db": "CNVD",
"id": "CNVD-2021-70166"
},
{
"db": "VULMON",
"id": "CVE-2021-32947"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-479"
},
{
"db": "NVD",
"id": "CVE-2021-32947"
}
]
},
"id": "VAR-202108-0792",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70166"
}
],
"trust": 1.3767857000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70166"
}
]
},
"last_update_date": "2024-08-14T12:51:44.008000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Contact\u00a0Us",
"trust": 0.8,
"url": "https://www.fatek.com/en/contact_us.php"
},
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02"
},
{
"title": "Patch for FATEK Automation FvDesigner stack buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/290611"
},
{
"title": "FATEK Automation FvDesigner Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158764"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1029"
},
{
"db": "CNVD",
"id": "CNVD-2021-70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-479"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Accessing uninitialized pointers (CWE-824) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "NVD",
"id": "CVE-2021-32947"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02"
},
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-1029/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32947"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99370832"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2660"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1029"
},
{
"db": "CNVD",
"id": "CNVD-2021-70166"
},
{
"db": "VULMON",
"id": "CVE-2021-32947"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-479"
},
{
"db": "NVD",
"id": "CVE-2021-32947"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-1029",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-70166",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-32947",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202108-479",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-32947",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1029",
"ident": null
},
{
"date": "2021-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70166",
"ident": null
},
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32947",
"ident": null
},
{
"date": "2021-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-479",
"ident": null
},
{
"date": "2021-08-11T13:15:16.343000",
"db": "NVD",
"id": "CVE-2021-32947",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1029",
"ident": null
},
{
"date": "2021-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70166",
"ident": null
},
{
"date": "2021-08-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32947",
"ident": null
},
{
"date": "2021-08-10T07:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-479",
"ident": null
},
{
"date": "2021-09-21T18:16:30.307000",
"db": "NVD",
"id": "CVE-2021-32947",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-479"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "FATEK\u00a0Automation\u00a0 Made \u00a0FvDesigner\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202108-0789
Vulnerability from variot - Updated: 2024-08-14 12:37

An uninitialized pointer in FATEK Automation FvDesigner, versions 1.5.88 and prior, may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. FvDesigner, provided by FATEK Automation, is a software tool used to design and develop projects for the FATEK FVHMI product series. The following vulnerabilities exist in FvDesigner:
* Uninitialized pointer access (CWE-824) - CVE-2021-32931
* Stack-based buffer overflow (CWE-121) - CVE-2021-32947
* Out-of-bounds write (CWE-787) - CVE-2021-32939

The expected impact depends on each vulnerability, but may be as follows. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (Consistent with that requirement, the CVSS v3 vectors in the record below rate the attack vector as local with user interaction required, while the CVSS v2 vectors rate it as network.) The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK Automation.

FATEK Automation FvDesigner 1.5.88 and earlier versions have a buffer overflow vulnerability. Pillow is a Python-based image processing library (this sentence appears unrelated to FvDesigner and was likely carried over from another record). There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements for updates.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fvdesigner",
"scope": null,
"trust": 1.4,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 1.0,
"vendor": "fatek",
"version": "1.5.88"
},
{
"_id": null,
"model": "fvdesigner",
"scope": "eq",
"trust": 0.8,
"vendor": "fatek automation",
"version": null
},
{
"_id": null,
"model": "fvdesigner",
"scope": "lte",
"trust": 0.8,
"vendor": "fatek automation",
"version": "1.5.88 and earlier"
},
{
"_id": null,
"model": "automation fvdesigner",
"scope": "lte",
"trust": 0.6,
"vendor": "fatek",
"version": "\u003c=1.5.88"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
},
{
"db": "CNVD",
"id": "CNVD-2021-70167"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "NVD",
"id": "CVE-2021-32931"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-490"
}
],
"trust": 2.0
},
"cve": "CVE-2021-32931",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-32931",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-70167",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-32931",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-32931",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002266",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2021-32931",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2021-32931",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002266",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-70167",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-490",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32931",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
},
{
"db": "CNVD",
"id": "CNVD-2021-70167"
},
{
"db": "VULMON",
"id": "CVE-2021-32931"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-490"
},
{
"db": "NVD",
"id": "CVE-2021-32931"
}
]
},
"description": {
"_id": null,
"data": "An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. FATEK Automation Provided by the company FvDesigner Is FATEK FVHMI A software tool used to design and develop series product projects. FvDesigner The following multiple vulnerabilities exist in. * Uninitialized pointer access ( CWE-824 ) - CVE-2021-32931 \u2025 * Stack-based buffer overflow ( CWE-121 ) - CVE-2021-32947 \u2025 * Out-of-bounds writing ( CWE-787 ) - CVE-2021-32939The expected impact depends on each vulnerability, but it may be affected as follows. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK Automation. \n\r\n\r\nFATEK Automation FvDesigner 1.5.88 and earlier versions have a buffer overflow vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32931"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
},
{
"db": "CNVD",
"id": "CNVD-2021-70167"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-32931"
}
],
"trust": 4.05
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-32931",
"trust": 4.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-02",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-21-1030",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-21-1027",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU99370832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13400",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13388",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-70167",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2660",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080604",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-490",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32931",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
},
{
"db": "CNVD",
"id": "CNVD-2021-70167"
},
{
"db": "VULMON",
"id": "CVE-2021-32931"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-490"
},
{
"db": "NVD",
"id": "CVE-2021-32931"
}
]
},
"id": "VAR-202108-0789",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70167"
}
],
"trust": 1.3767857000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70167"
}
]
},
"last_update_date": "2024-08-14T12:37:54.477000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fatek Automation has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02"
},
{
"title": "Contact\u00a0Us",
"trust": 0.8,
"url": "https://www.fatek.com/en/contact_us.php"
},
{
"title": "Patch for FATEK Automation FvDesigner buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/290606"
},
{
"title": "FATEK Automation FvDesigner Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158775"
},
{
"title": "CVE-2021-32931",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2021-32931 "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
},
{
"db": "CNVD",
"id": "CNVD-2021-70167"
},
{
"db": "VULMON",
"id": "CVE-2021-32931"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-490"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Accessing uninitialized pointers (CWE-824) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "NVD",
"id": "CVE-2021-32931"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-1030/"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-1027/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32931"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99370832"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2660"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/824.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
},
{
"db": "CNVD",
"id": "CNVD-2021-70167"
},
{
"db": "VULMON",
"id": "CVE-2021-32931"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-490"
},
{
"db": "NVD",
"id": "CVE-2021-32931"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-1030",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-1027",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-70167",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-32931",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202108-490",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-32931",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1030",
"ident": null
},
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1027",
"ident": null
},
{
"date": "2021-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70167",
"ident": null
},
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32931",
"ident": null
},
{
"date": "2021-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-490",
"ident": null
},
{
"date": "2021-08-11T13:15:16.137000",
"db": "NVD",
"id": "CVE-2021-32931",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1030",
"ident": null
},
{
"date": "2021-08-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1027",
"ident": null
},
{
"date": "2021-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70167",
"ident": null
},
{
"date": "2021-08-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32931",
"ident": null
},
{
"date": "2021-08-10T07:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-002266",
"ident": null
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-490",
"ident": null
},
{
"date": "2021-09-21T18:16:46.977000",
"db": "NVD",
"id": "CVE-2021-32931",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-490"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1030"
},
{
"db": "ZDI",
"id": "ZDI-21-1027"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
CVE-2023-34273 (GCVE-0-2023-34273)
Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
- CWE-787 - Out-of-bounds Write

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Fatek Automation | FvDesigner | Affected: 1.6.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "automation_fv_designer",
"vendor": "fatek",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T18:49:04.431689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T18:52:16.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-771",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-771/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FvDesigner",
"vendor": "Fatek Automation",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:01.992-05:00",
"datePublic": "2023-05-31T18:58:20.160-05:00",
"descriptions": [
{
"lang": "en",
"value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18183."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:03.602Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-771",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-771/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34273",
"datePublished": "2024-05-03T01:57:03.602Z",
"dateReserved": "2023-05-31T19:51:08.218Z",
"dateUpdated": "2024-08-02T16:01:54.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34272 (GCVE-0-2023-34272)
Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
- CWE-824 - Access of Uninitialized Pointer

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Fatek Automation | FvDesigner | Affected: 1.6.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fvdesigner",
"vendor": "fatek",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T19:13:14.411401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T18:28:02.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-770",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-770/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FvDesigner",
"vendor": "Fatek Automation",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:01.986-05:00",
"datePublic": "2023-05-31T18:58:11.977-05:00",
"descriptions": [
{
"lang": "en",
"value": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:02.891Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-770",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-770/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34272",
"datePublished": "2024-05-03T01:57:02.891Z",
"dateReserved": "2023-05-31T19:51:08.218Z",
"dateUpdated": "2024-08-02T16:01:54.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34271 (GCVE-0-2023-34271)
Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
- CWE-787 - Out-of-bounds Write

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Fatek Automation | FvDesigner | Affected: 1.6.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fatek:fvdesigner:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fvdesigner",
"vendor": "fatek",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:35:19.156374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:13.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-769",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-769/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FvDesigner",
"vendor": "Fatek Automation",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:01.980-05:00",
"datePublic": "2023-05-31T18:58:04.427-05:00",
"descriptions": [
{
"lang": "en",
"value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18178."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:02.164Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-769",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-769/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34271",
"datePublished": "2024-05-03T01:57:02.164Z",
"dateReserved": "2023-05-31T19:51:08.218Z",
"dateUpdated": "2024-08-02T16:01:54.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34270 (GCVE-0-2023-34270)
Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
- CWE-787 - Out-of-bounds Write

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Fatek Automation | FvDesigner | Affected: 1.6.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fvdesigner",
"vendor": "fatek",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T19:18:31.143576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T18:31:00.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-768",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-768/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FvDesigner",
"vendor": "Fatek Automation",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:01.974-05:00",
"datePublic": "2023-05-31T18:56:58.838-05:00",
"descriptions": [
{
"lang": "en",
"value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18176."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:01.353Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-768",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-768/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34270",
"datePublished": "2024-05-03T01:57:01.353Z",
"dateReserved": "2023-05-31T19:51:08.217Z",
"dateUpdated": "2024-08-02T16:01:54.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34269 (GCVE-0-2023-34269)
Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
- CWE-787 - Out-of-bounds Write
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-767/ | x_research-advisory |
| Vendor | Product | Version |
|---|---|---|
| Fatek Automation | FvDesigner | Affected: 1.6.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "automation_fv_designer",
"vendor": "fatek",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T17:50:28.910999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T18:52:10.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-767",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-767/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FvDesigner",
"vendor": "Fatek Automation",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:01.967-05:00",
"datePublic": "2023-05-31T18:56:50.370-05:00",
"descriptions": [
{
"lang": "en",
"value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18173."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:00.648Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-767",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-767/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34269",
"datePublished": "2024-05-03T01:57:00.648Z",
"dateReserved": "2023-05-31T19:51:08.217Z",
"dateUpdated": "2024-08-02T16:01:54.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34268 (GCVE-0-2023-34268)
Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-15 15:09
- CWE-787 - Out-of-bounds Write
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-766/ | x_research-advisory |
| Vendor | Product | Version |
|---|---|---|
| Fatek Automation | FvDesigner | Affected: 1.6.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-766",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-766/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fvdesigner",
"vendor": "fatek",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T19:57:23.775714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:09:30.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FvDesigner",
"vendor": "Fatek Automation",
"versions": [
{
"status": "affected",
"version": "1.6.24"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:01.960-05:00",
"datePublic": "2023-05-31T18:56:38.721-05:00",
"descriptions": [
{
"lang": "en",
"value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18172."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:59.883Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-766",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-766/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34268",
"datePublished": "2024-05-03T01:56:59.883Z",
"dateReserved": "2023-05-31T19:51:08.217Z",
"dateUpdated": "2024-08-15T15:09:30.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}