| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| | PACTware 5.0 | <= 220.127.116.11 |
A critical vulnerability has been discovered in the fdtCONTAINER component by M&M Software GmbH, which is used by PACTware.
The vulnerability can be exploited to execute arbitrary code while PACTware 5 project files are deserialized (that is, when PW5 files are loaded).
An attacker might be able to exploit the vulnerability on the workstation running PACTware 5 by supplying a manipulated project file. If that project file is loaded, malicious code can be executed without the user noticing.
For more information see:
VDE-2020-048: M&M Software (WAGO): Deserialisation of untrusted data in fdtContainer
A fix for the issue will be provided with PACTware 6 in Q2 2021, which includes the solution proposed by M&M, based on FDT Container component version >= 3.6.20304.x.
M&M Software GmbH
Coordinated by CERT@VDE