CVE-2021-38436

7.8 HIGH

📋 TL;DR

This vulnerability allows an attacker to execute arbitrary code by triggering memory corruption in FATEK Automation WinProladder when it parses a malicious project file. Users of WinProladder versions 3.30 and earlier are affected, and a compromised engineering workstation can in turn expose the industrial control systems it programs.

💻 Affected Systems

Products:
  • FATEK Automation WinProladder
Versions: 3.30 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects engineering workstations running WinProladder for programming FATEK PLCs.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to take control of industrial processes, modify PLC logic, or disrupt operations.

🟠

Likely Case

Local privilege escalation or code execution on engineering workstations, potentially leading to lateral movement within OT networks.

🟢

If Mitigated

Limited impact if systems are air-gapped, use application whitelisting, and restrict project file sources.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to open a malicious project file; no known public exploits as of advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.31 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-280-06

Restart Required: Yes

Instructions:

1. Download WinProladder version 3.31 or later from the FATEK website.
2. Uninstall the previous version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict project file sources

Platform: Windows

Only open project files from trusted sources and implement file integrity checking.

Application whitelisting

Platform: Windows

Use Windows AppLocker or similar to restrict execution to approved applications only.

🧯 If You Can't Patch

  • Isolate engineering workstations from production networks and internet
  • Implement strict access controls and audit all project file transfers

🔍 How to Verify

Check if Vulnerable:

Check WinProladder version via Help > About menu; versions 3.30 or earlier are vulnerable.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 3.31 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Unusual file access patterns to .wpj files
  • Process creation from WinProladder.exe

Network Indicators:

  • Unusual network connections from engineering workstation
  • File transfers of project files from untrusted sources

SIEM Query:

Pseudo-syntax; adapt field names to your SIEM. The query pairs the two indicators above: WinProladder crashing, and WinProladder spawning a shell.

(process_name="WinProladder.exe" AND event_type="crash") OR (parent_process_name="WinProladder.exe" AND (process_name="cmd.exe" OR process_name="powershell.exe"))
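The same two indicators as detection logic run over a handful of constructed Sysmon-style events, added here as an example and not taken from the advisory or the vendor; the event field names, the WinProladder install path and the hostnames are assumptions.

```python
from dataclasses import dataclass

# Child processes a PLC programming tool has no reason to spawn (page indicators).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe"}
APP_ERROR = 1000     # Windows Application log: faulting application (crash)
PROCESS_CREATE = 1   # Sysmon process creation; field naming is an assumption

@dataclass(frozen=True)
class Event:
    event_id: int
    image: str              # full path of the process the event is about
    host: str
    parent_image: str = ""  # parent process path; only set for PROCESS_CREATE

def basename(path: str) -> str:
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify(ev: Event):
    """Map one event to a finding label, or None when no indicator matches."""
    if ev.event_id == APP_ERROR and basename(ev.image) == "winproladder.exe":
        return "winproladder_crash"
    if (ev.event_id == PROCESS_CREATE
            and basename(ev.parent_image) == "winproladder.exe"
            and basename(ev.image) in SUSPICIOUS_CHILDREN):
        return "winproladder_spawned_shell"
    return None

def scan(events):
    """Return (host, label) for every event that matches an indicator."""
    return [(ev.host, lbl) for ev in events if (lbl := classify(ev))]

def hosts_to_triage(findings):
    """Hosts showing both a crash and a spawned shell: the pairing a successful
    malicious-project-file exploit would leave in the logs."""
    by_host = {}
    for host, label in findings:
        by_host.setdefault(host, set()).add(label)
    return sorted(h for h, labels in by_host.items() if len(labels) == 2)

# Constructed sample events; install path and hostnames are placeholders.
APP = r"C:\Program Files\FATEK\WinProladder.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    Event(APP_ERROR, APP, "ENG-WS01"),
    Event(PROCESS_CREATE, r"C:\Windows\System32\cmd.exe", "ENG-WS01", parent_image=APP),
    Event(PROCESS_CREATE, r"C:\Windows\System32\notepad.exe", "ENG-WS01", parent_image=EXPLORER),
    Event(PROCESS_CREATE, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "ENG-WS02", parent_image=EXPLORER),
]
```

A shell launched from explorer.exe (the last event) is deliberately not flagged; only the parent-child relationship with WinProladder.exe is the signal.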
