CVE-2021-22683

7.8 HIGH

📋 TL;DR

CVE-2021-22683 is an out-of-bounds write vulnerability in Fatek FvDesigner software that allows arbitrary code execution when processing malicious project files. This affects industrial control system engineers and organizations using Fatek PLC programming software. Attackers can achieve remote code execution by tricking users into opening specially crafted project files.

💻 Affected Systems

Products:
  • Fatek FvDesigner
Versions: Version 1.5.76 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of vulnerable versions; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the engineering workstation leading to lateral movement into industrial control networks, manipulation of PLC logic, and potential physical process disruption.

🟠 Likely Case

Compromise of the engineering workstation allowing theft of intellectual property, credential harvesting, and establishing a foothold for further attacks.

🟢 If Mitigated

Isolated compromise of a single workstation with limited impact due to network segmentation and restricted privileges.

🌐 Internet-Facing: LOW - FvDesigner is typically not exposed directly to the internet.
🏢 Internal Only: HIGH - Attackers can exploit via phishing or compromised internal systems to target engineering workstations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious project file; no authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.5.77 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02

Restart Required: Yes

Instructions:

1. Download the latest version from the Fatek website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict project file execution (windows)

Block opening of .fvp project files via application control or group policy.

Note on the AppLocker approach: the one-liner New-AppLockerPolicy -RuleType Path -Action Deny -Path "*.fvp" -User Everyone does not work as written. New-AppLockerPolicy has no -Action or -Path parameters, and AppLocker rule collections cover executables, scripts, DLLs, Windows Installer packages and packaged apps, not data files such as .fvp, so a path rule cannot stop FvDesigner from opening a project file. What AppLocker can do is limit which accounts are allowed to run FvDesigner.exe at all, which narrows the set of users who can be targeted.

User training and file validation (all platforms)

Train users to open project files only from trusted sources and to validate file integrity before opening them.

🧯 If You Can't Patch

  • Network segmentation: Isolate engineering workstations from general corporate network and internet
  • Least privilege: Run FvDesigner with restricted user accounts, disable administrative privileges

🔍 How to Verify

Check if Vulnerable:

Check FvDesigner version via Help > About menu; versions 1.5.76 or earlier are vulnerable

Check Version:

Not applicable - check via GUI only

Verify Fix Applied:

Verify version is 1.5.77 or later in Help > About menu
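For fleets of engineering workstations, checking Help > About by hand does not scale. The following PowerShell script is an added example (not code from the original page or from Fatek): it reads the installed version from the Windows Uninstall registry entries and, failing that, from the file version stamped on FvDesigner.exe, then compares it against 1.5.77. The DisplayName pattern and the Program Files install paths are assumptions; adjust them to match your deployment.

```powershell
# Added example, not from the original page or from Fatek.
# Assumptions: FvDesigner registers an Uninstall entry whose DisplayName starts with
# "FvDesigner", and/or installs FvDesigner.exe under one of the paths in $knownPaths.

$FixedVersion = [version]'1.5.77'   # first non-vulnerable version for CVE-2021-22683

function Get-FvDesignerVersion {
    # 1. Uninstall registry entries (native and 32-bit views)
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'FvDesigner*' } |
        Select-Object -First 1
    $regVersion = if ($entry) { $entry.DisplayVersion -as [version] }
    if ($regVersion) {
        return [pscustomobject]@{ Source = 'Registry'; Version = $regVersion; Path = $entry.InstallLocation }
    }

    # 2. Fall back to the executable's version resource (assumed install paths)
    $knownPaths = @(
        "$env:ProgramFiles\Fatek\FvDesigner\FvDesigner.exe",
        "${env:ProgramFiles(x86)}\Fatek\FvDesigner\FvDesigner.exe"
    )
    foreach ($p in $knownPaths) {
        if (Test-Path -Path $p) {
            $info = (Get-Item -Path $p).VersionInfo
            $v = $info.ProductVersion -as [version]
            if (-not $v) { $v = $info.FileVersion -as [version] }
            if ($v) {
                return [pscustomobject]@{ Source = 'FileVersion'; Version = $v; Path = $p }
            }
        }
    }
    return $null
}

function Test-FvDesignerVulnerable {
    param([Parameter(Mandatory)][version]$Installed, [version]$Fixed = $FixedVersion)
    # Anything below the fixed release is in the affected range (1.5.76 and prior).
    return ($Installed -lt $Fixed)
}

$found = Get-FvDesignerVersion
if (-not $found) {
    Write-Output 'FvDesigner not found via registry or known install paths; check Help > About manually.'
} elseif (Test-FvDesignerVulnerable -Installed $found.Version) {
    Write-Output ('VULNERABLE: FvDesigner {0} at {1} (source: {2}); upgrade to {3} or later.' -f
        $found.Version, $found.Path, $found.Source, $FixedVersion)
} else {
    Write-Output ('OK: FvDesigner {0} is at or above {1}.' -f $found.Version, $FixedVersion)
}
```

Run it from an elevated PowerShell session, or push it through your endpoint management tool and collect the output line per host. Because [version] comparison is numeric per component, 1.5.76 sorts correctly below 1.5.77, which a plain string comparison would not guarantee.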

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of FvDesigner.exe
  • Creation of suspicious child processes from FvDesigner

Network Indicators:

  • Outbound connections from engineering workstations to unexpected destinations

SIEM Query:

Process Creation where Image ends with 'FvDesigner.exe' and CommandLine contains suspicious patterns
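The "suspicious child processes" indicator above can be turned into a concrete hunt on the workstation itself. The PowerShell below is an added example, not part of the original page or of any Fatek tooling; it assumes Sysmon is installed with process-creation logging (Event ID 1) enabled, and lists every process whose parent was FvDesigner.exe over the last seven days, then highlights script hosts and shells, which a PLC programming tool has no ordinary reason to launch.

```powershell
# Added example, not from the original page.
# Assumption: Sysmon is installed and Event ID 1 (process creation) is enabled.
# Event ID 1 records Image, CommandLine, ParentImage, ParentCommandLine and User.

function Get-FvDesignerChildProcesses {
    param(
        [datetime]$Since = (Get-Date).AddDays(-7),
        [string]$ParentName = 'FvDesigner.exe'
    )
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Pull the named EventData fields out of the event XML
        $xml = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

        $parent = $data['ParentImage']
        if ($parent -and $parent.EndsWith("\$ParentName", [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $data['User']
                Child       = $data['Image']
                CommandLine = $data['CommandLine']
                ParentCmd   = $data['ParentCommandLine']
            }
        }
    }
}

$children = Get-FvDesignerChildProcesses

# Frequency view: a legitimate helper will appear often, a one-off child stands out.
$children | Group-Object -Property Child | Sort-Object -Property Count |
    Format-Table -Property Count, Name -AutoSize

# Script hosts and shells spawned by an engineering tool deserve a closer look.
$interpreters = 'cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe',
                'mshta.exe', 'rundll32.exe', 'regsvr32.exe'
$children |
    Where-Object { $interpreters -contains (Split-Path -Path $_.Child -Leaf) } |
    Format-Table -Property Time, User, Child, CommandLine -Wrap
```

The same logic maps directly onto a SIEM rule: filter process-creation events on ParentImage ending in FvDesigner.exe rather than on Image, since the exploit payload runs as a child of the compromised process. Pair it with the process-crash indicator (Windows Error Reporting or Application log entries for FvDesigner.exe) to catch failed exploitation attempts as well.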
