CVE-2023-34273
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on Fatek Automation FvDesigner installations by tricking users into opening malicious FPJ files. The flaw exists in FPJ file parsing where improper data validation enables out-of-bounds writes. Users of Fatek Automation FvDesigner software are affected.
💻 Affected Systems
- Fatek Automation FvDesigner
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to compromise of the user's workstation, potentially enabling credential theft, data exfiltration, or further network attacks.
If Mitigated
Limited impact with only the FvDesigner process affected if proper application sandboxing and least privilege principles are implemented.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). The vulnerability was discovered by Zero Day Initiative (ZDI-CAN-18183).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available references
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-23-771/
Restart Required: Yes
Instructions:
1. Contact Fatek Automation for patch availability
2. Download and install the latest version of FvDesigner
3. Restart the system after installation
4. Verify the patch is applied correctly
🔧 Temporary Workarounds
Restrict FPJ file execution (Windows)
Block execution of FPJ files or restrict FvDesigner from opening untrusted files
- Use Windows Group Policy to block .fpj file execution
- Configure application control policies to restrict FvDesigner
User awareness training (all platforms)
Train users to only open FPJ files from trusted sources
🧯 If You Can't Patch
- Implement application whitelisting to only allow execution of signed FvDesigner binaries
- Isolate FvDesigner systems from critical network segments and implement network segmentation
🔍 How to Verify
Check if Vulnerable:
Check FvDesigner version against vendor patched version. If unable to determine, assume vulnerable if using any version prior to the latest release.
Check Version:
Check FvDesigner 'About' dialog or program properties in Windows
Verify Fix Applied:
Verify FvDesigner version matches or exceeds the patched version provided by Fatek Automation. Test with known safe FPJ files to ensure functionality.
📡 Detection & Monitoring
Log Indicators:
- Unexpected FvDesigner crashes
- Suspicious process creation from FvDesigner
- Multiple failed attempts to open FPJ files
Network Indicators:
- Unusual outbound connections from FvDesigner process
- File downloads to systems running FvDesigner
SIEM Query:
Process Creation where (Image contains 'FvDesigner' OR ParentImage contains 'FvDesigner') AND CommandLine contains '.fpj'
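The query above matches every FvDesigner launch with an .fpj argument, including normal use. As an added example (not vendor or ZDI code), the Python sketch below triages process-creation events into the "suspicious process creation from FvDesigner" case and the "FPJ opened from an untrusted location" case. The field names follow the query; the directory list, install path and sample events are assumptions constructed for illustration.

```python
import re

# Assumption: path fragments where downloads and mail attachments usually land.
UNTRUSTED_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\inetcache\\")
# First .fpj argument on a command line, quoted or bare.
FPJ_ARG = re.compile(r'"([^"]+\.fpj)"|(\S+\.fpj)\b', re.IGNORECASE)

def is_fvdesigner(path):
    # Same substring match as the query above ("contains 'FvDesigner'").
    return "fvdesigner" in (path or "").lower()

def classify(event):
    """Return (severity, reason) for one process-creation event, else None."""
    image, parent = event.get("Image", ""), event.get("ParentImage", "")
    # Child of FvDesigner that is not FvDesigner itself.
    if is_fvdesigner(parent) and not is_fvdesigner(image):
        return ("high", "FvDesigner spawned " + image)
    # FvDesigner opening a project from an untrusted location: review, not proof.
    match = FPJ_ARG.search(event.get("CommandLine", "")) if is_fvdesigner(image) else None
    if match:
        fpj = (match.group(1) or match.group(2)).lower()
        if any(d in fpj for d in UNTRUSTED_DIRS):
            return ("medium", "FPJ opened from untrusted path: " + fpj)
    return None

def triage(events):
    """Keep only flagged events, paired with their classification."""
    return [(e, hit) for e in events if (hit := classify(e))]

# Constructed sample events (paths are made up for illustration).
SAMPLE_EVENTS = [
    {"Image": r"C:\Apps\FvDesigner\FvDesigner.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\FvDesigner\FvDesigner.exe" "D:\Projects\line1.fpj"'},
    {"Image": r"C:\Apps\FvDesigner\FvDesigner.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\FvDesigner\FvDesigner.exe" "C:\Users\op\Downloads\hmi update.fpj"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Apps\FvDesigner\FvDesigner.exe",
     "CommandLine": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for event, (severity, reason) in triage(SAMPLE_EVENTS):
        print(severity, reason)
```

Because the match is a substring test, a helper binary installed under a directory named FvDesigner is treated as FvDesigner itself; tighten `is_fvdesigner` to the exact executable path used in your environment.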