CVE-2021-32947

7.8 HIGH

📋 TL;DR

CVE-2021-32947 is a stack-based buffer overflow vulnerability in FATEK Automation FvDesigner software that allows attackers to execute arbitrary code on affected systems. This affects users of FvDesigner versions 1.5.88 and earlier who process malicious project files. The vulnerability could lead to complete system compromise.

💻 Affected Systems

Products:
  • FATEK Automation FvDesigner
Versions: 1.5.88 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when processing specially crafted project files (.fpj).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, allowing installation of persistent malware, data theft, and lateral movement within the network.

🟠 Likely Case

Remote code execution leading to system compromise, data exfiltration, and potential ransomware deployment on affected engineering workstations.

🟢 If Mitigated

Limited impact with proper network segmentation and application whitelisting preventing successful exploitation.

🌐 Internet-Facing: LOW - FvDesigner is typically used on internal engineering workstations, not directly internet-facing systems.
🏢 Internal Only: HIGH - Attackers with internal access or who can deliver malicious files via email/phishing could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open malicious project files. Proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.5.89 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02

Restart Required: Yes

Instructions:

1. Download FvDesigner version 1.5.89 or later from the FATEK Automation website.
2. Uninstall the previous version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict project file execution (Windows)

Block execution of .fpj files or restrict to trusted sources only.

  • Use Windows Group Policy to restrict .fpj file execution
  • Configure application whitelisting to only allow signed FvDesigner executables

Network segmentation (all platforms)

Isolate engineering workstations from critical networks.

  • Implement VLAN segmentation for engineering workstations
  • Configure firewall rules to restrict engineering workstation network access

🧯 If You Can't Patch

  • Implement strict application whitelisting to prevent unauthorized code execution
  • Isolate affected systems in a segmented network with limited access to critical assets

🔍 How to Verify

Check if Vulnerable:

Check FvDesigner version in Help > About menu. If version is 1.5.88 or earlier, system is vulnerable.

Check Version:

Check FvDesigner.exe properties or use 'wmic product where name="FvDesigner" get version' in command prompt

Verify Fix Applied:

Verify FvDesigner version is 1.5.89 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing FvDesigner crashes
  • Application logs showing abnormal .fpj file processing
  • Antivirus alerts for suspicious FvDesigner behavior

Network Indicators:

  • Unusual outbound connections from engineering workstations
  • Traffic to known malicious IPs from FvDesigner systems

SIEM Query:

source="windows" AND (event_id=1000 OR event_id=1001) AND process_name="FvDesigner.exe"
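
The version check from "How to Verify" and the crash-event filter from the SIEM query can be combined to decide which workstations to look at first. The following is an added example, not code from the advisory or from FATEK: the host names, inventory and event rows are constructed sample data, the CSV column names are assumptions about an exported event list, and it assumes FvDesigner versions are dotted numeric strings.

```python
import csv
import io
from collections import Counter

FIXED = (1, 5, 89)               # first fixed release named in the advisory above
CRASH_EVENT_IDS = {1000, 1001}   # same event IDs as the SIEM query above
PROCESS = "fvdesigner.exe"

# Constructed sample data (hypothetical hosts; not from a real environment).
INVENTORY = {"ENG-WS-01": "1.5.88", "ENG-WS-02": "1.5.89",
             "ENG-WS-03": "1.5.9", "ENG-WS-04": "1.5.100"}
EVENTS_CSV = """host,event_id,process_name
ENG-WS-01,1000,FvDesigner.exe
ENG-WS-01,1001,FvDesigner.exe
ENG-WS-01,1000,notepad.exe
ENG-WS-02,1000,FvDesigner.exe
ENG-WS-03,1000,fvdesigner.exe
ENG-WS-04,4624,FvDesigner.exe
ENG-WS-05,1000,FvDesigner.exe
"""

def is_vulnerable(version_text):
    """Numeric, field-by-field comparison: as strings, '1.5.9' sorts after '1.5.89'."""
    return tuple(int(p) for p in version_text.strip().split(".")) < FIXED

def crash_counts(csv_text):
    """Count FvDesigner crash events (IDs 1000/1001) per host."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        if int(row["event_id"]) in CRASH_EVENT_IDS and row["process_name"].lower() == PROCESS:
            counts[row["host"]] += 1
    return counts

def triage(inventory, csv_text):
    """Hosts to look at first: unpatched or unknown version, most crashes first."""
    crashes = crash_counts(csv_text)
    rows = []
    for host in set(inventory) | set(crashes):
        version = inventory.get(host)
        if version is None or is_vulnerable(version):
            rows.append((host, version or "unknown", crashes[host]))
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for host, version, n in triage(INVENTORY, EVENTS_CSV):
        print(f"{host}  version={version}  fvdesigner_crashes={n}")
```

A crash event on an unpatched host is a reason to inspect the .fpj file that was opened, not proof of exploitation; hosts missing from the inventory are listed as "unknown" so they are checked rather than skipped.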
