Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    105 vulnerabilities by fatek

    VAR-202208-1938

    Vulnerability from variot - Updated: 2024-06-14 23:18

    FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. FATEK Automation Provided by the company FvDesigner The following vulnerabilities exist in. It was * Out-of-bounds writing (CWE-787) - CVE-2022-2866If the vulnerability is exploited, it may be affected as follows. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202208-1938",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fvdesigner",
            "scope": null,
            "trust": 5.6,
            "vendor": "fatek automation",
            "version": null
          },
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fatek",
            "version": "1.5.103"
          },
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fatek automation",
            "version": "1.5.103  and earlier  s"
          },
          {
            "model": "fvdesigner",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fatek automation",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fatek:fvdesigner:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.103",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          }
        ],
        "trust": 5.6
      },
      "cve": "CVE-2022-2866",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-2866",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 5.6,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-2866",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2022-2866",
                "trust": 5.6,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-2866",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-2866",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202208-4054",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. FATEK Automation Provided by the company FvDesigner The following vulnerabilities exist in. It was * Out-of-bounds writing (CWE-787) - CVE-2022-2866If the vulnerability is exploited, it may be affected as follows. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2866"
          }
        ],
        "trust": 6.75
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-2866",
            "trust": 8.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-237-01",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU99486681",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16362",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1174",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16361",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16360",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16358",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16304",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16296",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16271",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16270",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4246",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2866",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "id": "VAR-202208-1938",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5535714
      },
      "last_update_date": "2024-06-14T23:18:07.031000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fatek Automation has issued an update to correct this vulnerability.",
            "trust": 5.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-237-01"
          },
          {
            "title": "Contact\u00a0Us",
            "trust": 0.8,
            "url": "https://www.fatek.com/en/contact_us.php"
          },
          {
            "title": "FATEK FvDesigner Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=205597"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 8.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-237-01"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99486681/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2866"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-237-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4246"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-2866/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "date": "2022-08-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          },
          {
            "date": "2022-08-31T16:15:11.517000",
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "date": "2022-08-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1167"
          },
          {
            "date": "2024-06-13T07:40:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002343"
          },
          {
            "date": "2022-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          },
          {
            "date": "2022-09-02T22:02:57.273000",
            "db": "NVD",
            "id": "CVE-2022-2866"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1174"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1173"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1172"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1171"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1169"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1168"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1167"
          }
        ],
        "trust": 5.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4054"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-1073

    Vulnerability from variot - Updated: 2023-12-18 13:53

    An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLC configuration data from a network source. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user. Winproladder is a free PLC programming software. Failed exploit attempts will likely cause a denial-of-service condition. Fatek Automation PLC WinProladder is a set of programmable logic controller software from Fatek Automation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-1073",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "plc winproladder",
            "scope": null,
            "trust": 1.5,
            "vendor": "fatek automation",
            "version": null
          },
          {
            "model": "plc winproladder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fatek",
            "version": "3.11"
          },
          {
            "model": "automation plc winproladder build",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "fatek",
            "version": "3.1114701"
          },
          {
            "model": "plc winproladder",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fatek automation",
            "version": "3.11 build 14701"
          },
          {
            "model": "plc winproladder",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fatek automation",
            "version": "3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "plc winproladder",
            "version": "3.11"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "db": "BID",
            "id": "94938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:fatek:plc_winproladder_firmware:3.11:build_14701:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:fatek:plc_winproladder:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "BID",
            "id": "94938"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2016-8377",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-8377",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "MULTIPLE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2016-8377",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-13112",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "VHN-97197",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-8377",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-8377",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-8377",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-13112",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201612-581",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97197",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLC configuration data from a network source.  The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.  An attacker can leverage this vulnerability to execute arbitrary code under the context of the user. Winproladder is a free PLC programming software. Failed exploit attempts will likely cause a denial-of-service condition. Fatek Automation PLC WinProladder is a set of programmable logic controller software from Fatek Automation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "db": "BID",
            "id": "94938"
          },
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          }
        ],
        "trust": 3.33
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-97197",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8377",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-350-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "94938",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "42700",
            "trust": 1.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-672",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3705",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "0E3D54FC-9C96-4A19-B308-F030B1714E2A",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "144151",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97197",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          },
          {
            "db": "BID",
            "id": "94938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ]
      },
      "id": "VAR-201702-1073",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          }
        ],
        "trust": 1.7333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:53:05.213000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.fatek.com/en/"
          },
          {
            "title": "Fatek Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-350-01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-350-01"
          },
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/94938"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/42700/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8377"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8377"
          },
          {
            "trust": 0.3,
            "url": "http://www.fatek.com/en/"
          },
          {
            "trust": 0.3,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-672/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          },
          {
            "db": "BID",
            "id": "94938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97197"
          },
          {
            "db": "BID",
            "id": "94938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-27T00:00:00",
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "date": "2016-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97197"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "BID",
            "id": "94938"
          },
          {
            "date": "2017-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "date": "2017-02-13T21:59:01.347000",
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "date": "2016-12-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-672"
          },
          {
            "date": "2016-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          },
          {
            "date": "2017-09-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97197"
          },
          {
            "date": "2017-05-02T05:06:00",
            "db": "BID",
            "id": "94938"
          },
          {
            "date": "2017-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007850"
          },
          {
            "date": "2021-10-28T11:55:21.823000",
            "db": "NVD",
            "id": "CVE-2016-8377"
          },
          {
            "date": "2021-11-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PLC WinProladder Stack Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "0e3d54fc-9c96-4a19-b308-f030b1714e2a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13112"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-581"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0419

    Vulnerability from variot - Updated: 2023-12-18 13:14

    An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PM Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a pm3 file. A malformed file can lead to heap memory corruption. A remote attacker can leverage this vulnerability to cause arbitrary code execution in the context of the user. Multiple Fatek Automation Products are prone to multiple remote code-execution vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0419",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "automation pm designer",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "fatek",
            "version": "2.1.2.2"
          },
          {
            "model": "automation fv designer",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "fatek",
            "version": "1.2.8.0"
          },
          {
            "model": "fv designer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fatek automation",
            "version": "1.2.8.0"
          },
          {
            "model": "pm designer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fatek automation",
            "version": "v3 2.1.2.2"
          },
          {
            "model": "pm designer",
            "scope": null,
            "trust": 0.7,
            "vendor": "fatek automation",
            "version": null
          },
          {
            "model": "fvdesigner",
            "scope": null,
            "trust": 0.7,
            "vendor": "fatek automation",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "db": "BID",
            "id": "93105"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fatek:automation_fv_designer:1.2.8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fatek:automation_pm_designer:2.1.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2016-5798",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-5798",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "ZDI-16-525",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5798",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-5798",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-5798",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "ZDI-16-525",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-5798",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201610-436",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PM Designer.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a pm3 file.  A malformed file can lead to heap memory corruption.  A remote attacker can leverage this vulnerability to cause arbitrary code execution in the context of the user. Multiple Fatek Automation Products are prone to multiple remote code-execution vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "db": "BID",
            "id": "93105"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5798",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-287-06",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "93105",
            "trust": 1.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-525",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3586",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3676",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-634",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "db": "BID",
            "id": "93105"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ]
      },
      "id": "VAR-201702-0419",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5535714
      },
      "last_update_date": "2023-12-18T13:14:25.792000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.fatek.com/en/"
          },
          {
            "title": "Fatek Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-06"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-06"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/93105"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5798"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5798"
          },
          {
            "trust": 0.3,
            "url": "http://www.fatek.com/en/"
          },
          {
            "trust": 0.3,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-525/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "db": "BID",
            "id": "93105"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "db": "BID",
            "id": "93105"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "date": "2016-12-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "date": "2016-09-21T00:00:00",
            "db": "BID",
            "id": "93105"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "date": "2017-02-13T21:59:00.267000",
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "date": "2016-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-525"
          },
          {
            "date": "2016-12-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-634"
          },
          {
            "date": "2016-10-26T09:08:00",
            "db": "BID",
            "id": "93105"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          },
          {
            "date": "2017-02-17T15:07:08.957000",
            "db": "NVD",
            "id": "CVE-2016-5798"
          },
          {
            "date": "2016-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fatek Automation PM Designer V3 and  FV Designer Vulnerable to stack-based buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007657"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-436"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0216

    Vulnerability from variot - Updated: 2023-12-18 13:12

    The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0216",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fvdesigner",
            "scope": null,
            "trust": 4.2,
            "vendor": "fatek automation",
            "version": null
          },
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fatek",
            "version": "1.5.100"
          },
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fatek",
            "version": "\u003c=1.5.100"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fatek:fvdesigner:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.100",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          }
        ],
        "trust": 4.2
      },
      "cve": "CVE-2022-23985",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-21228",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-23985",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 4.2,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2022-23985",
                "trust": 4.2,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23985",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-23985",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-21228",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1934",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          }
        ],
        "trust": 5.22
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23985",
            "trust": 6.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-440",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-055-01",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14854",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14855",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14852",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14802",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14800",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14797",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0823",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022513",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1934",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ]
      },
      "id": "VAR-202202-0216",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          }
        ],
        "trust": 1.1535714000000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:12:13.358000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fatek Automation has issued an update to correct this vulnerability.",
            "trust": 4.2,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
          },
          {
            "trust": 2.2,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-438/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-432/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-433/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-434/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-437/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-440/"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23985"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-23985/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0823"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022513"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "date": "2022-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          },
          {
            "date": "2022-02-25T19:15:25.157000",
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "date": "2022-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-432"
          },
          {
            "date": "2022-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-21228"
          },
          {
            "date": "2022-05-10T20:33:40.977000",
            "db": "NVD",
            "id": "CVE-2022-23985"
          },
          {
            "date": "2022-03-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-440"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-438"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-437"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-432"
          }
        ],
        "trust": 4.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1934"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0218

    Vulnerability from variot - Updated: 2023-12-18 13:12

    The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK.

    A buffer error vulnerability exists in FATEK Automation FvDesigner

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0218",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fvdesigner",
            "scope": null,
            "trust": 2.1,
            "vendor": "fatek automation",
            "version": null
          },
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fatek",
            "version": "1.5.100"
          },
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fatek",
            "version": "\u003c=1.5.100"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fatek:fvdesigner:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.100",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2022-21209",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-21227",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21209",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.1,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2022-21209",
                "trust": 2.1,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21209",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-21209",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-21227",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1932",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK. \n\r\n\r\nA buffer error vulnerability exists in FATEK Automation FvDesigner",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21209",
            "trust": 4.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-439",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-055-01",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14858",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14853",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-14591",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0823",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022513",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1932",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ]
      },
      "id": "VAR-202202-0218",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          }
        ],
        "trust": 1.1535714000000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:12:13.322000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fatek Automation has issued an update to correct this vulnerability.",
            "trust": 2.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
          },
          {
            "trust": 2.2,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-439/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-435/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-22-436/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21209"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21209/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0823"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022513"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "date": "2022-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          },
          {
            "date": "2022-02-25T19:15:22.200000",
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "date": "2022-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-436"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-435"
          },
          {
            "date": "2022-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-21227"
          },
          {
            "date": "2022-04-25T17:41:09.270000",
            "db": "NVD",
            "id": "CVE-2022-21209"
          },
          {
            "date": "2022-03-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-439"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-436"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1932"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0217

    Vulnerability from variot - Updated: 2023-12-18 13:12

    The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. FATEK Automation FvDesigner is a human-computer interaction device of FATEK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0217",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fatek",
            "version": "1.5.100"
          },
          {
            "model": "fvdesigner",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fatek",
            "version": "\u003c=1.5.100"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fatek:fvdesigner:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.100",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "reported these vulnerabilities to CISA.,Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-25170",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-21229",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-25170",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-25170",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-21229",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1938",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. FATEK Automation FvDesigner is a human-computer interaction device of FATEK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25170",
            "trust": 2.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-055-01",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0823",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022513",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ]
      },
      "id": "VAR-202202-0217",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          }
        ],
        "trust": 1.1535714000000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:12:13.299000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25170"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25170/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0823"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022513"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          },
          {
            "date": "2022-02-25T19:15:25.597000",
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "date": "2022-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          },
          {
            "date": "2022-03-08T15:50:35.297000",
            "db": "NVD",
            "id": "CVE-2022-25170"
          },
          {
            "date": "2022-03-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FATEK Automation FvDesigner Buffer Overflow Vulnerability (CNVD-2022-21229)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-21229"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1938"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-34273 (GCVE-0-2023-34273)

    Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18183.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek automation_fv_designer Affected: 1.6.24
        cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_fv_designer",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-17T18:49:04.431689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-17T18:52:16.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-771",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-771/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.992Z",
          "datePublic": "2023-05-31T23:58:20.160Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18183."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:03.602Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-771",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-771/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34273",
        "datePublished": "2024-05-03T01:57:03.602Z",
        "dateReserved": "2023-05-31T19:51:08.218Z",
        "dateUpdated": "2024-08-02T16:01:54.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34272 (GCVE-0-2023-34272)

    Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T19:13:14.411401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:28:02.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-770",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-770/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.986Z",
          "datePublic": "2023-05-31T23:58:11.977Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824: Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:02.891Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-770",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-770/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34272",
        "datePublished": "2024-05-03T01:57:02.891Z",
        "dateReserved": "2023-05-31T19:51:08.218Z",
        "dateUpdated": "2024-08-02T16:01:54.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34271 (GCVE-0-2023-34271)

    Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18178.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: -
        cpe:2.3:a:fatek:fvdesigner:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:35:19.156374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:21:13.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-769",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-769/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.980Z",
          "datePublic": "2023-05-31T23:58:04.427Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18178."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:02.164Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-769",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-769/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34271",
        "datePublished": "2024-05-03T01:57:02.164Z",
        "dateReserved": "2023-05-31T19:51:08.218Z",
        "dateUpdated": "2024-08-02T16:01:54.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34270 (GCVE-0-2023-34270)

    Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18176.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T19:18:31.143576Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:31:00.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-768",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-768/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.974Z",
          "datePublic": "2023-05-31T23:56:58.838Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18176."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:01.353Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-768",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-768/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34270",
        "datePublished": "2024-05-03T01:57:01.353Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34269 (GCVE-0-2023-34269)

    Vulnerability from nvd – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18173.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek automation_fv_designer Affected: 1.6.24
        cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_fv_designer",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T17:50:28.910999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-17T18:52:10.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-767",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-767/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.967Z",
          "datePublic": "2023-05-31T23:56:50.370Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18173."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:00.648Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-767",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-767/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34269",
        "datePublished": "2024-05-03T01:57:00.648Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34268 (GCVE-0-2023-34268)

    Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-15 15:09
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18172.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-766",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-766/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-15T19:57:23.775714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T15:09:30.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.960Z",
          "datePublic": "2023-05-31T23:56:38.721Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18172."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:59.883Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-766",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-766/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34268",
        "datePublished": "2024-05-03T01:56:59.883Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-15T15:09:30.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34267 (GCVE-0-2023-34267)

    Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18170.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T19:21:08.424543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:31:32.330Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.414Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-765",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-765/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.954Z",
          "datePublic": "2023-05-31T23:56:30.684Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18170."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:59.070Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-765",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-765/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34267",
        "datePublished": "2024-05-03T01:56:59.070Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34266 (GCVE-0-2023-34266)

    Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18168.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek_automation fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek_automation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T17:42:17.008904Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T17:43:31.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-764",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-764/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.947Z",
          "datePublic": "2023-05-31T23:56:21.099Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18168."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:58.387Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-764",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-764/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34266",
        "datePublished": "2024-05-03T01:56:58.387Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34265 (GCVE-0-2023-34265)

    Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18166.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T19:53:33.773191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T17:00:54.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-763",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-763/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.895Z",
          "datePublic": "2023-05-31T23:56:11.171Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18166."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:57.647Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-763",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-763/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34265",
        "datePublished": "2024-05-03T01:56:57.647Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34264 (GCVE-0-2023-34264)

    Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18164.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek_automation fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:55
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek_automation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-06T13:34:01.621407Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:45:58.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-762",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-762/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.888Z",
          "datePublic": "2023-05-31T23:55:59.894Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18164."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:56.883Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-762",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-762/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34264",
        "datePublished": "2024-05-03T01:56:56.883Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34263 (GCVE-0-2023-34263)

    Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:55
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:19:47.194645Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T19:16:48.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-761",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-761/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.881Z",
          "datePublic": "2023-05-31T23:55:43.062Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824: Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:56.183Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-761",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-761/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34263",
        "datePublished": "2024-05-03T01:56:56.183Z",
        "dateReserved": "2023-05-31T19:51:08.216Z",
        "dateUpdated": "2024-08-02T16:01:54.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34262 (GCVE-0-2023-34262)

    Vulnerability from nvd – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18161.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek_automation fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek_automation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-10T20:15:37.141511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-10T20:24:22.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-760",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-760/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.870Z",
          "datePublic": "2023-05-31T23:54:53.428Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18161."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:55.429Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-760",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-760/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34262",
        "datePublished": "2024-05-03T01:56:55.429Z",
        "dateReserved": "2023-05-31T19:51:08.216Z",
        "dateUpdated": "2024-08-02T16:01:54.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34273 (GCVE-0-2023-34273)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18183.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek automation_fv_designer Affected: 1.6.24
        cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_fv_designer",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-17T18:49:04.431689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-17T18:52:16.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-771",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-771/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.992Z",
          "datePublic": "2023-05-31T23:58:20.160Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18183."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:03.602Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-771",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-771/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34273",
        "datePublished": "2024-05-03T01:57:03.602Z",
        "dateReserved": "2023-05-31T19:51:08.218Z",
        "dateUpdated": "2024-08-02T16:01:54.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34272 (GCVE-0-2023-34272)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T19:13:14.411401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:28:02.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-770",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-770/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.986Z",
          "datePublic": "2023-05-31T23:58:11.977Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824: Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:02.891Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-770",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-770/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34272",
        "datePublished": "2024-05-03T01:57:02.891Z",
        "dateReserved": "2023-05-31T19:51:08.218Z",
        "dateUpdated": "2024-08-02T16:01:54.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34271 (GCVE-0-2023-34271)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18178.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: -
        cpe:2.3:a:fatek:fvdesigner:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:35:19.156374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:21:13.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-769",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-769/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.980Z",
          "datePublic": "2023-05-31T23:58:04.427Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18178."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:02.164Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-769",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-769/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34271",
        "datePublished": "2024-05-03T01:57:02.164Z",
        "dateReserved": "2023-05-31T19:51:08.218Z",
        "dateUpdated": "2024-08-02T16:01:54.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34270 (GCVE-0-2023-34270)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18176.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T19:18:31.143576Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:31:00.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-768",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-768/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.974Z",
          "datePublic": "2023-05-31T23:56:58.838Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18176."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:01.353Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-768",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-768/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34270",
        "datePublished": "2024-05-03T01:57:01.353Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34269 (GCVE-0-2023-34269)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18173.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek automation_fv_designer Affected: 1.6.24
        cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:automation_fv_designer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_fv_designer",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T17:50:28.910999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-17T18:52:10.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-767",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-767/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.967Z",
          "datePublic": "2023-05-31T23:56:50.370Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18173."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:57:00.648Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-767",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-767/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34269",
        "datePublished": "2024-05-03T01:57:00.648Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34268 (GCVE-0-2023-34268)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-15 15:09
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18172.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-766",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-766/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-15T19:57:23.775714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T15:09:30.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.960Z",
          "datePublic": "2023-05-31T23:56:38.721Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18172."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:59.883Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-766",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-766/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34268",
        "datePublished": "2024-05-03T01:56:59.883Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-15T15:09:30.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34267 (GCVE-0-2023-34267)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18170.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T19:21:08.424543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:31:32.330Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.414Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-765",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-765/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.954Z",
          "datePublic": "2023-05-31T23:56:30.684Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18170."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:59.070Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-765",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-765/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34267",
        "datePublished": "2024-05-03T01:56:59.070Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34266 (GCVE-0-2023-34266)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18168.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek_automation fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek_automation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T17:42:17.008904Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T17:43:31.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-764",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-764/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.947Z",
          "datePublic": "2023-05-31T23:56:21.099Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18168."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:58.387Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-764",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-764/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34266",
        "datePublished": "2024-05-03T01:56:58.387Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34265 (GCVE-0-2023-34265)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18166.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T19:53:33.773191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T17:00:54.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-763",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-763/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.895Z",
          "datePublic": "2023-05-31T23:56:11.171Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18166."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:57.647Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-763",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-763/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34265",
        "datePublished": "2024-05-03T01:56:57.647Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34264 (GCVE-0-2023-34264)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18164.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek_automation fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:55
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek_automation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-06T13:34:01.621407Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:45:58.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-762",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-762/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.888Z",
          "datePublic": "2023-05-31T23:55:59.894Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18164."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:56.883Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-762",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-762/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34264",
        "datePublished": "2024-05-03T01:56:56.883Z",
        "dateReserved": "2023-05-31T19:51:08.217Z",
        "dateUpdated": "2024-08-02T16:01:54.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34263 (GCVE-0-2023-34263)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:55
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek:fvdesigner:1.6.24:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:19:47.194645Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T19:16:48.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-761",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-761/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.881Z",
          "datePublic": "2023-05-31T23:55:43.062Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824: Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:56.183Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-761",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-761/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34263",
        "datePublished": "2024-05-03T01:56:56.183Z",
        "dateReserved": "2023-05-31T19:51:08.216Z",
        "dateUpdated": "2024-08-02T16:01:54.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34262 (GCVE-0-2023-34262)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 16:01
    VLAI
    Title
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18161.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Fatek Automation FvDesigner Affected: 1.6.24
    Create a notification for this product.
    fatek_automation fvdesigner Affected: 1.6.24
        cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-31 23:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fatek_automation:fvdesigner:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fvdesigner",
                "vendor": "fatek_automation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.6.24"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-10T20:15:37.141511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-10T20:24:22.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-760",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-760/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FvDesigner",
              "vendor": "Fatek Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.24"
                }
              ]
            }
          ],
          "dateAssigned": "2023-05-31T20:02:01.870Z",
          "datePublic": "2023-05-31T23:54:53.428Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18161."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:56:55.429Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-760",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-760/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-34262",
        "datePublished": "2024-05-03T01:56:55.429Z",
        "dateReserved": "2023-05-31T19:51:08.216Z",
        "dateUpdated": "2024-08-02T16:01:54.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }