I see. I'll have to arrive home and I'll look more things up to see if I find anything helpful.
I'm honestly surprised Ledger didn't try helping you out with finding where the problem is, knowing it could turn out to be a huge vulnerability nobody's found before... especially because it's supposed not to be able to send any tx without physical confirmation...
Well, they tried, but I guess that without having access to the machine they can only try to replicate the bug using the high-level specs (Windows 10 1903/Electrum 3.3.8/Device firmware 1.6.0 BTC app 1.3.16).
Considering how widely used this setup is, and given that I didn't manage to find anything similar reported in the last 6m/1y, it's not so surprising that it's very hard to replicate; otherwise hundreds/thousands of reports would be made ...