7.8
CVE-2021-38434
- EPSS 0.91%
- Veröffentlicht 18.10.2021 13:15:09
- Zuletzt bearbeitet 21.11.2024 06:17:05
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginFATEK Automation WinProladder
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fatek ≫ Winproladder Version <= 3.30
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.91% | 0.553 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-194 Unexpected Sign Extension
The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-06