Vulnerability Description
An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fatek | Fvdesigner | <= 1.5.88 |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02Third Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-21-1027/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1030/Third Party AdvisoryVDB Entry
- https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02Third Party AdvisoryUS Government Resource
- https://www.zerodayinitiative.com/advisories/ZDI-21-1027/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1030/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-32931?
CVE-2021-32931 is a vulnerability with a CVSS score of 7.8 (HIGH). An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project f...
How severe is CVE-2021-32931?
CVE-2021-32931 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32931?
Check the references section above for vendor advisories and patch information. Affected products include: Fatek Fvdesigner.