Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for Smart Editor by Fuji Electric

    VAR-202506-0987

    Vulnerability from variot - Updated: 2025-07-28 19:42

    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Smart Editor is an editing software developed by Fuji Electric, mainly used to configure and program human-machine interface (HMI) devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0987",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart editor",
            "scope": null,
            "trust": 4.2,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric fuji electric smart editor",
            "scope": null,
            "trust": 0.6,
            "vendor": "fuji",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          }
        ],
        "trust": 4.2
      },
      "cve": "CVE-2025-41388",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-16527",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41388",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 4.2,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41388",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2025-41388",
                "trust": 4.2,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2025-41388",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-16527",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Smart Editor is an editing software developed by Fuji Electric, mainly used to configure and program human-machine interface (HMI) devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ],
        "trust": 5.22
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-41388",
            "trust": 5.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-168-04",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26024",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-405",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26022",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26020",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-25942",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26026",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26018",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "id": "VAR-202506-0987",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ]
      },
      "last_update_date": "2025-07-28T19:42:24.677000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 4.2,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          },
          {
            "title": "Patch for Fuji Electric Smart Editor Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/710751"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "date": "2025-06-17T21:15:38.183000",
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "date": "2025-06-18T13:47:10.020000",
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          }
        ],
        "trust": 1.4
      }
    }

    VAR-202506-0989

    Vulnerability from variot - Updated: 2025-07-04 23:31

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0989",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart editor",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric smart editor",
            "scope": null,
            "trust": 0.6,
            "vendor": "fuji",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2025-41413",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-13401",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41413",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41413",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2025-41413",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2025-41413",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13401",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-41413",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-168-04",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26028",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-401",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26031",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "id": "VAR-202506-0989",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:31:35.174000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          },
          {
            "title": "Patch for Fuji Electric Smart Editor Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/701611"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "date": "2025-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "date": "2025-06-17T21:15:38.343000",
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "date": "2025-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "date": "2025-06-18T13:47:10.020000",
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-202506-0988

    Vulnerability from variot - Updated: 2025-07-04 23:31

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TL5 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0988",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart editor",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric smart editor",
            "scope": null,
            "trust": 0.6,
            "vendor": "fuji",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2025-32412",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-13400",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-32412",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-32412",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2025-32412",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2025-32412",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13400",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TL5 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-32412",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-168-04",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26032",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-400",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "id": "VAR-202506-0988",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:31:35.152000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          },
          {
            "title": "Patch for Fuji Electric Smart Editor Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/701601"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "date": "2025-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "date": "2025-06-17T21:15:37.963000",
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "date": "2025-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "date": "2025-06-18T13:47:10.020000",
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor TL5 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          }
        ],
        "trust": 0.7
      }
    }

    CVE-2025-41413 (GCVE-0-2025-41413)

    Vulnerability from nvd – Published: 2025-06-17 20:22 – Updated: 2025-06-18 14:57
    VLAI
    Title
    Fuji Electric Smart Editor Out-of-bounds Write
    Summary
    Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-18T14:57:06.202928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T14:57:14.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor\u0026nbsp;is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:22:05.902Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-41413",
        "datePublished": "2025-06-17T20:22:05.902Z",
        "dateReserved": "2025-06-16T16:00:20.868Z",
        "dateUpdated": "2025-06-18T14:57:14.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41388 (GCVE-0-2025-41388)

    Vulnerability from nvd – Published: 2025-06-17 20:24 – Updated: 2025-06-18 14:57
    VLAI
    Title
    Fuji Electric Smart Editor Stack-based Buffer Overflow
    Summary
    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 16:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-18T14:56:59.560007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T14:57:23.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:24:26.869Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-41388",
        "datePublished": "2025-06-17T20:24:26.869Z",
        "dateReserved": "2025-06-16T16:00:20.844Z",
        "dateUpdated": "2025-06-18T14:57:23.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32412 (GCVE-0-2025-32412)

    Vulnerability from nvd – Published: 2025-06-17 20:18 – Updated: 2025-06-17 20:24
    VLAI
    Title
    Fuji Electric Smart Editor Out-of-bounds Read
    Summary
    Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T20:24:26.196402Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:24:39.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor\u0026nbsp;is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:18:47.252Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Out-of-bounds Read",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-32412",
        "datePublished": "2025-06-17T20:18:47.252Z",
        "dateReserved": "2025-06-16T16:00:20.856Z",
        "dateUpdated": "2025-06-17T20:24:39.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41388 (GCVE-0-2025-41388)

    Vulnerability from cvelistv5 – Published: 2025-06-17 20:24 – Updated: 2025-06-18 14:57
    VLAI
    Title
    Fuji Electric Smart Editor Stack-based Buffer Overflow
    Summary
    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 16:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-18T14:56:59.560007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T14:57:23.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:24:26.869Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-41388",
        "datePublished": "2025-06-17T20:24:26.869Z",
        "dateReserved": "2025-06-16T16:00:20.844Z",
        "dateUpdated": "2025-06-18T14:57:23.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41413 (GCVE-0-2025-41413)

    Vulnerability from cvelistv5 – Published: 2025-06-17 20:22 – Updated: 2025-06-18 14:57
    VLAI
    Title
    Fuji Electric Smart Editor Out-of-bounds Write
    Summary
    Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-18T14:57:06.202928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T14:57:14.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor\u0026nbsp;is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:22:05.902Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-41413",
        "datePublished": "2025-06-17T20:22:05.902Z",
        "dateReserved": "2025-06-16T16:00:20.868Z",
        "dateUpdated": "2025-06-18T14:57:14.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32412 (GCVE-0-2025-32412)

    Vulnerability from cvelistv5 – Published: 2025-06-17 20:18 – Updated: 2025-06-17 20:24
    VLAI
    Title
    Fuji Electric Smart Editor Out-of-bounds Read
    Summary
    Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T20:24:26.196402Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:24:39.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor\u0026nbsp;is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:18:47.252Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Out-of-bounds Read",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-32412",
        "datePublished": "2025-06-17T20:18:47.252Z",
        "dateReserved": "2025-06-16T16:00:20.856Z",
        "dateUpdated": "2025-06-17T20:24:39.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }