Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for Alpha5 by Fuji Electric

    VAR-201908-0869

    Vulnerability from variot - Updated: 2024-11-23 22:44

    Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application. Alpha5 Smart Loader Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of an administrator

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "alpha5",
            "scope": null,
            "trust": 3.5,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "alpha5 smart loader",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "alpha5 smart loader",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.2"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13520"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:fujielectric:alpha5_smart_loader_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Natnael Samson (@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2019-13520",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-13520",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-13520",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 3.5,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-13520",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-13520",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2019-13520",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-13520",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-13520",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-1135",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13520"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application. Alpha5 Smart Loader Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLD files.  The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer.  An attacker can leverage this vulnerability to execute code in the context of an administrator",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          }
        ],
        "trust": 4.77
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13520",
            "trust": 5.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-227-02",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-798",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763",
            "trust": 1.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8566",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8756",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8590",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8568",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8772",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3148",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13520"
          }
        ]
      },
      "id": "VAR-201908-0869",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.43333334
      },
      "last_update_date": "2024-11-23T22:44:55.534000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-02"
          },
          {
            "title": "ALPHA5 Smart",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/products/servo/alpha5smart/overview/index.html"
          },
          {
            "title": "Fuji Electric Alpha5 Smart Loader Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96796"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13520"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 6.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-798/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-820/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13520"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13520"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3148/"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-763/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13520"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-820",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-761",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008520",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13520",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-798",
            "ident": null
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-762",
            "ident": null
          },
          {
            "date": "2019-09-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-820",
            "ident": null
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-761",
            "ident": null
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-763",
            "ident": null
          },
          {
            "date": "2019-09-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008520",
            "ident": null
          },
          {
            "date": "2019-08-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1135",
            "ident": null
          },
          {
            "date": "2019-08-20T20:15:11.933000",
            "db": "NVD",
            "id": "CVE-2019-13520",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-798",
            "ident": null
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-762",
            "ident": null
          },
          {
            "date": "2019-09-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-820",
            "ident": null
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-761",
            "ident": null
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-763",
            "ident": null
          },
          {
            "date": "2019-09-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008520",
            "ident": null
          },
          {
            "date": "2020-10-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1135",
            "ident": null
          },
          {
            "date": "2024-11-21T04:25:03.823000",
            "db": "NVD",
            "id": "CVE-2019-13520",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric Alpha5 SDP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-798"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-762"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-763"
          }
        ],
        "trust": 2.1
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1135"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-2123

    Vulnerability from variot - Updated: 2024-11-23 22:10

    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Alpha5 Smart Loader An out-of-bounds write vulnerability exists in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5P files in the Server Operator module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202110-2123",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "alpha5",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.3"
          },
          {
            "model": "alpha5 smart loader",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "alpha5 smart loader  firmware"
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2022-21228",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-21228",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2022-21228",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21228",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21228",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-21228",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2022-21228",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21228",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-21228",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21228",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2663",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21228",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Alpha5 Smart Loader An out-of-bounds write vulnerability exists in the firmware.Information is obtained, information is tampered with, and service is disrupted  (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5P files in the Server Operator module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21228"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21228",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-090-03",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU94149543",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13990",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-389",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13941",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21228",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "id": "VAR-202110-2123",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.43333334
      },
      "last_update_date": "2024-11-23T22:10:53.679000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric Alpha5 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190334"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu94149543/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21228"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21228/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-21228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "date": "2021-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1209"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21228"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "date": "2022-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          },
          {
            "date": "2022-04-12T17:15:09.227000",
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1209"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21228"
          },
          {
            "date": "2022-04-21T06:03:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001567"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          },
          {
            "date": "2024-11-21T06:44:09.170000",
            "db": "NVD",
            "id": "CVE-2022-21228"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-389"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1209"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2663"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-1889

    Vulnerability from variot - Updated: 2024-11-23 22:10

    The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. Alpha5 Smart Loader There is a vulnerability in the firmware regarding access to uninitialized pointers.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5V files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1889",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "alpha5 smart loader",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.3"
          },
          {
            "model": "alpha5 smart loader",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "alpha5 smart loader  firmware"
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-387"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-21168",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-21168",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21168",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21168",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-21168",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21168",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21168",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-21168",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21168",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-21168",
                "trust": 0.7,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2669",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21168",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-387"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. Alpha5 Smart Loader There is a vulnerability in the firmware regarding access to uninitialized pointers.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5V files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-387"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21168"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21168",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-090-03",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU94149543",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13876",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-387",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21168",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-387"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "id": "VAR-202202-1889",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.43333334
      },
      "last_update_date": "2024-11-23T22:10:53.650000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric Alpha5 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190336"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-824",
            "trust": 1.0
          },
          {
            "problemtype": "Accessing uninitialized pointers (CWE-824) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu94149543/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21168"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21168/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/824.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-21168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-387"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-387"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21168"
          },
          {
            "date": "2022-04-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "date": "2022-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          },
          {
            "date": "2022-04-12T17:15:09.053000",
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-387"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21168"
          },
          {
            "date": "2022-04-25T07:45:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          },
          {
            "date": "2024-11-21T06:44:01.630000",
            "db": "NVD",
            "id": "CVE-2022-21168"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alpha5\u00a0Smart\u00a0Loader\u00a0 Uninitialized pointer access vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001574"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2669"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-2121

    Vulnerability from variot - Updated: 2024-11-23 22:10

    The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. Alpha5 Smart Loader There is an out-of-bounds read vulnerability in the firmware.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of A5V files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202110-2121",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "alpha5",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.3"
          },
          {
            "model": "alpha5 smart loader",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "alpha5 smart loader  firmware"
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1211"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2022-21202",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-21202",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21202",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21202",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21202",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-21202",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2022-21202",
                "trust": 1.4,
                "value": "LOW"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21202",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-21202",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21202",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2666",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21202",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1211"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. Alpha5 Smart Loader There is an out-of-bounds read vulnerability in the firmware.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of A5V files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1211"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21202"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21202",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-090-03",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU94149543",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13938",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-388",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13999",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1211",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21202",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1211"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "id": "VAR-202110-2121",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.43333334
      },
      "last_update_date": "2024-11-23T22:10:53.616000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric Alpha5 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190335"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu94149543/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21202"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21202/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-21202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1211"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "date": "2021-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1211"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21202"
          },
          {
            "date": "2022-04-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "date": "2022-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          },
          {
            "date": "2022-04-12T17:15:09.110000",
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-388"
          },
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1211"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21202"
          },
          {
            "date": "2022-04-25T07:48:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          },
          {
            "date": "2024-11-21T06:44:05.777000",
            "db": "NVD",
            "id": "CVE-2022-21202"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alpha5\u00a0Smart\u00a0Loader\u00a0 Firmware out-of-bounds read vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001575"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2666"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-2124

    Vulnerability from variot - Updated: 2024-11-23 22:10

    The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. Alpha5 Smart Loader A heap-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5P files in the Server Operator module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202110-2124",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "alpha5 smart loader",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.3"
          },
          {
            "model": "alpha5 smart loader",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "alpha5 smart loader  firmware"
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1208"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-21214",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-21214",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2022-21214",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21214",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-21214",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-21214",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-21214",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-21214",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-21214",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-21214",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2659",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-21214",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. Alpha5 Smart Loader A heap-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service is disrupted  (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5P files in the Server Operator module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21214"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21214",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-090-03",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU94149543",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13939",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1208",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21214",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "id": "VAR-202110-2124",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.43333334
      },
      "last_update_date": "2024-11-23T22:10:53.585000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric Alpha5 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187388"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu94149543/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21214"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21214/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/122.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-21214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-21214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1208"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21214"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "date": "2022-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          },
          {
            "date": "2022-04-12T17:15:09.170000",
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1208"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-21214"
          },
          {
            "date": "2022-04-21T06:03:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          },
          {
            "date": "2024-11-21T06:44:07.813000",
            "db": "NVD",
            "id": "CVE-2022-21214"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alpha5\u00a0Smart\u00a0Loader\u00a0 Heap-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001566"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2659"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-2122

    Vulnerability from variot - Updated: 2024-11-23 22:10

    The affected product is vulnerable to an out-of-bounds read, which may result in code execution. Fuji Electric's Alpha5 Smart Loader An out-of-bounds read vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5P files in the Server Operator module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202110-2122",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "alpha5 smart loader",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.3"
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "alpha5 smart loader",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "alpha5 smart loader  firmware  4.3"
          },
          {
            "model": "alpha5",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1210"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-24383",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-24383",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-24383",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-24383",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-24383",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-24383",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-24383",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-24383",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-24383",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2665",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-24383",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-24383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable to an out-of-bounds read, which may result in code execution. Fuji Electric\u0027s Alpha5 Smart Loader An out-of-bounds read vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of C5P files in the Server Operator module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-24383"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-24383",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-090-03",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU94149543",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13942",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-1210",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-24383",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-24383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "id": "VAR-202110-2122",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.43333334
      },
      "last_update_date": "2024-11-23T22:10:53.556000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric Alpha5 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187391"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94149543/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24383"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-24383/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-24383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-1210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-24383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1210"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-24383"
          },
          {
            "date": "2023-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "date": "2022-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          },
          {
            "date": "2022-04-12T17:15:09.443000",
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-23T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-1210"
          },
          {
            "date": "2022-04-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-24383"
          },
          {
            "date": "2023-07-24T08:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          },
          {
            "date": "2024-11-21T06:50:18.380000",
            "db": "NVD",
            "id": "CVE-2022-24383"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Alpha5\u00a0Smart\u00a0Loader\u00a0 Out-of-bounds read vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008134"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2665"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-24383 (GCVE-0-2022-24383)

    Vulnerability from nvd – Published: 2022-04-12 16:11 – Updated: 2025-04-16 17:55
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to an out-of-bounds read, which may result in code execution
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:07:02.533Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-24383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:29:48.595288Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:55:50.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to an out-of-bounds read, which may result in code execution"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:53.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-24383",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to an out-of-bounds read, which may result in code execution"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-24383",
        "datePublished": "2022-04-12T16:11:53.500Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:55:50.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21228 (GCVE-0-2022-21228)

    Vulnerability from nvd – Published: 2022-04-12 16:11 – Updated: 2025-04-16 17:55
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.332Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:29:51.306782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:55:58.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:52.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21228",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21228",
        "datePublished": "2022-04-12T16:11:52.740Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:55:58.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21214 (GCVE-0-2022-21214)

    Vulnerability from nvd – Published: 2022-04-12 16:11 – Updated: 2025-04-16 17:56
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:29:53.975635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:56:06.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:51.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21214",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21214",
        "datePublished": "2022-04-12T16:11:51.679Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:56:06.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21202 (GCVE-0-2022-21202)

    Vulnerability from nvd – Published: 2022-04-12 16:11 – Updated: 2025-04-16 16:30
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21202",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:43.032875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:30:47.541Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:54.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21202",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21202",
        "datePublished": "2022-04-12T16:11:54.258Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:30:47.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21168 (GCVE-0-2022-21168)

    Vulnerability from nvd – Published: 2022-04-12 16:11 – Updated: 2025-04-16 16:30
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:46.252298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:30:55.958Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:50.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21168",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21168",
        "datePublished": "2022-04-12T16:11:50.947Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:30:55.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21202 (GCVE-0-2022-21202)

    Vulnerability from cvelistv5 – Published: 2022-04-12 16:11 – Updated: 2025-04-16 16:30
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21202",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:43.032875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:30:47.541Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:54.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21202",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21202",
        "datePublished": "2022-04-12T16:11:54.258Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:30:47.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24383 (GCVE-0-2022-24383)

    Vulnerability from cvelistv5 – Published: 2022-04-12 16:11 – Updated: 2025-04-16 17:55
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to an out-of-bounds read, which may result in code execution
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:07:02.533Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-24383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:29:48.595288Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:55:50.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to an out-of-bounds read, which may result in code execution"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:53.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-24383",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to an out-of-bounds read, which may result in code execution"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-24383",
        "datePublished": "2022-04-12T16:11:53.500Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:55:50.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21228 (GCVE-0-2022-21228)

    Vulnerability from cvelistv5 – Published: 2022-04-12 16:11 – Updated: 2025-04-16 17:55
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.332Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:29:51.306782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:55:58.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:52.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21228",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21228",
        "datePublished": "2022-04-12T16:11:52.740Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:55:58.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21214 (GCVE-0-2022-21214)

    Vulnerability from cvelistv5 – Published: 2022-04-12 16:11 – Updated: 2025-04-16 17:56
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:29:53.975635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:56:06.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:51.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21214",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21214",
        "datePublished": "2022-04-12T16:11:51.679Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:56:06.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21168 (GCVE-0-2022-21168)

    Vulnerability from cvelistv5 – Published: 2022-04-12 16:11 – Updated: 2025-04-16 16:30
    VLAI
    Title
    ICSA-22-090-03 Fuji Electric Alpha5
    Summary
    The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Alpha5 Affected: All , < 4.3 (custom)
    Create a notification for this product.
    Date Public
    2022-03-31 00:00
    Credits
    Xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:46.252298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:30:55.958Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Alpha5",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.3",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T16:11:50.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
            }
          ],
          "source": {
            "advisory": "ICSA-22-090-03",
            "discovery": "EXTERNAL"
          },
          "title": "ICSA-22-090-03 Fuji Electric Alpha5",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-03-31T17:00:00.000Z",
              "ID": "CVE-2022-21168",
              "STATE": "PUBLIC",
              "TITLE": "ICSA-22-090-03 Fuji Electric Alpha5"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Alpha5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends upgrading to Alpha5 v4.4. The files can be obtained in the Fuji Library."
              }
            ],
            "source": {
              "advisory": "ICSA-22-090-03",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-21168",
        "datePublished": "2022-04-12T16:11:50.947Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:30:55.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }