PACTware 5.0, Version <= 184.108.40.206
A critical vulnerability has been discovered in the fdtCONTAINER component by M&M Software GmbH used by PACTware.
While de-serializing PACTware 5 project files (loading PW5 files) the vulnerability can be exploited to execute arbitrary code.
An attacker might be able to exploit the vulnerability on the workstation running PACTware 5 by supplying/providing a manipulated project file. If that project file is loaded, malicious code can be executed without notice.
For more information see:
A fix for the issue will be provided with PACTware 6 in Q2 2021 which includes the proposed solution by M&M based on FDT Container component version >= 3.6.20304.x.
M&M Software GmbH
Coordinated by CERT@VDE