Vulnerabilities > CVE-2021-38434 - Unexpected Sign Extension vulnerability in Fatek Winproladder 3.28/3.30

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Fatek
3

Common Weakness Enumeration (CWE)