Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for Tellus Lite V-Simulator by Fuji Electric

    CVE-2024-37029 (GCVE-0-2024-37029)

    Vulnerability from nvd – Published: 2024-06-13 17:23 – Updated: 2024-08-02 03:43
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
    Summary
    Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.20.0 (custom)
    Create a notification for this product.
    fujielectric tellus_lite_v-simulator Affected: 0 , < 4.0.20.0 (custom)
        cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 17:00
    Credits
    kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tellus_lite_v-simulator",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "4.0.20.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T18:55:22.773512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T18:51:36.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:43:50.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.20.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2024-06-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.\n\n"
                }
              ],
              "value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T17:23:40.591Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
            }
          ],
          "source": {
            "advisory": "ICSA-24-165-14",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-37029",
        "datePublished": "2024-06-13T17:23:40.591Z",
        "dateReserved": "2024-06-06T17:39:34.317Z",
        "dateUpdated": "2024-08-02T03:43:50.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37022 (GCVE-0-2024-37022)

    Vulnerability from nvd – Published: 2024-06-13 17:25 – Updated: 2024-08-02 03:43
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
    Summary
    Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.20.0 (custom)
    Create a notification for this product.
    fujielectric tellus_lite_v-simulator Affected: 0 , < 4.0.20.0 (custom)
        cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 17:00
    Credits
    kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tellus_lite_v-simulator",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "4.0.20.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T18:48:57.921592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T18:51:44.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:43:50.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.20.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2024-06-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator  is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Fuji Electric Tellus Lite V-Simulator  is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T17:25:49.609Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
            }
          ],
          "source": {
            "advisory": "ICSA-24-165-14",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-37022",
        "datePublished": "2024-06-13T17:25:49.609Z",
        "dateReserved": "2024-06-06T17:39:34.310Z",
        "dateUpdated": "2024-08-02T03:43:50.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5299 (GCVE-0-2023-5299)

    Vulnerability from nvd – Published: 2023-11-22 00:41 – Updated: 2024-09-04 18:39
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Improper Access Control
    Summary
    A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.19.0 (custom)
    Create a notification for this product.
    Date Public
    2023-11-22 00:41
    Credits
    Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:25.665128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T18:39:16.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.19.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-11-22T00:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T00:41:18.654Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users  update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator  Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-5299",
        "datePublished": "2023-11-22T00:41:18.654Z",
        "dateReserved": "2023-09-29T15:56:03.959Z",
        "dateUpdated": "2024-09-04T18:39:16.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40152 (GCVE-0-2023-40152)

    Vulnerability from nvd – Published: 2023-11-22 00:42 – Updated: 2024-08-29 19:51
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
    Summary
    When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.19.0 (custom)
    Create a notification for this product.
    Date Public
    2023-11-22 00:41
    Credits
    Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:24:55.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40152",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:26.396580Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:51:44.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.19.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-11-22T00:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T00:42:49.608Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users  update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-40152",
        "datePublished": "2023-11-22T00:42:49.608Z",
        "dateReserved": "2023-08-18T17:42:07.401Z",
        "dateUpdated": "2024-08-29T19:51:44.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35127 (GCVE-0-2023-35127)

    Vulnerability from nvd – Published: 2023-11-22 00:44 – Updated: 2024-08-29 19:16
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
    Summary
    Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.19.0 (custom)
    Create a notification for this product.
    Date Public
    2023-11-22 00:41
    Credits
    Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:23:59.368Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:27.123789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:16:01.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.19.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-11-22T00:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T00:44:26.650Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users  update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-35127",
        "datePublished": "2023-11-22T00:44:26.650Z",
        "dateReserved": "2023-08-18T17:42:07.395Z",
        "dateUpdated": "2024-08-29T19:16:01.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3085 (GCVE-0-2022-3085)

    Vulnerability from nvd – Published: 2023-01-18 23:22 – Updated: 2025-01-16 21:59
    VLAI
    Summary
    Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-Based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , ≤ 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    Kimiya Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T20:32:10.955647Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:59:24.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": " 4.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kimiya"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-Based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-18T23:22:02.789Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to  version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-3085",
        "datePublished": "2023-01-18T23:22:02.789Z",
        "dateReserved": "2022-09-01T18:49:33.050Z",
        "dateUpdated": "2025-01-16T21:59:24.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3087 (GCVE-0-2022-3087)

    Vulnerability from nvd – Published: 2023-01-16 23:46 – Updated: 2025-01-16 22:01
    VLAI
    Summary
    Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , ≤ 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    Kimiya Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3087",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T20:32:25.399441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T22:01:32.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": " 4.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kimiya"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-16T23:46:24.860Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to  version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-3087",
        "datePublished": "2023-01-16T23:46:24.860Z",
        "dateReserved": "2022-09-01T18:50:35.423Z",
        "dateUpdated": "2025-01-16T22:01:32.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38421 (GCVE-0-2021-38421)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds read
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds read",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38421",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds read"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38421",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38419 (GCVE-0-2021-38419)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds write
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:50.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds write",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38419",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds write"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38419",
        "datePublished": "2021-12-20T20:08:50.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38415 (GCVE-0-2021-38415)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38415",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38415",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38413 (GCVE-0-2021-38413)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38413",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38413",
        "datePublished": "2021-12-20T20:08:49.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38409 (GCVE-0-2021-38409)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator uninitialized pointer
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38409",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38409",
        "datePublished": "2021-12-20T20:08:46.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38401 (GCVE-0-2021-38401)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
    CWE
    • CWE-822 - - Untrusted pointer dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 - Untrusted pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:47.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38401",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822 - Untrusted pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38401",
        "datePublished": "2021-12-20T20:08:47.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37022 (GCVE-0-2024-37022)

    Vulnerability from cvelistv5 – Published: 2024-06-13 17:25 – Updated: 2024-08-02 03:43
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
    Summary
    Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.20.0 (custom)
    Create a notification for this product.
    fujielectric tellus_lite_v-simulator Affected: 0 , < 4.0.20.0 (custom)
        cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 17:00
    Credits
    kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tellus_lite_v-simulator",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "4.0.20.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T18:48:57.921592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T18:51:44.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:43:50.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.20.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2024-06-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator  is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Fuji Electric Tellus Lite V-Simulator  is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T17:25:49.609Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
            }
          ],
          "source": {
            "advisory": "ICSA-24-165-14",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-37022",
        "datePublished": "2024-06-13T17:25:49.609Z",
        "dateReserved": "2024-06-06T17:39:34.310Z",
        "dateUpdated": "2024-08-02T03:43:50.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37029 (GCVE-0-2024-37029)

    Vulnerability from cvelistv5 – Published: 2024-06-13 17:23 – Updated: 2024-08-02 03:43
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
    Summary
    Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.20.0 (custom)
    Create a notification for this product.
    fujielectric tellus_lite_v-simulator Affected: 0 , < 4.0.20.0 (custom)
        cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 17:00
    Credits
    kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tellus_lite_v-simulator",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "4.0.20.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T18:55:22.773512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T18:51:36.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:43:50.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.20.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2024-06-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.\n\n"
                }
              ],
              "value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T17:23:40.591Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
            }
          ],
          "source": {
            "advisory": "ICSA-24-165-14",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-37029",
        "datePublished": "2024-06-13T17:23:40.591Z",
        "dateReserved": "2024-06-06T17:39:34.317Z",
        "dateUpdated": "2024-08-02T03:43:50.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35127 (GCVE-0-2023-35127)

    Vulnerability from cvelistv5 – Published: 2023-11-22 00:44 – Updated: 2024-08-29 19:16
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
    Summary
    Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.19.0 (custom)
    Create a notification for this product.
    Date Public
    2023-11-22 00:41
    Credits
    Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:23:59.368Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:27.123789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:16:01.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.19.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-11-22T00:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T00:44:26.650Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users  update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-35127",
        "datePublished": "2023-11-22T00:44:26.650Z",
        "dateReserved": "2023-08-18T17:42:07.395Z",
        "dateUpdated": "2024-08-29T19:16:01.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40152 (GCVE-0-2023-40152)

    Vulnerability from cvelistv5 – Published: 2023-11-22 00:42 – Updated: 2024-08-29 19:51
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
    Summary
    When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.19.0 (custom)
    Create a notification for this product.
    Date Public
    2023-11-22 00:41
    Credits
    Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:24:55.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40152",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:26.396580Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:51:44.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.19.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-11-22T00:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T00:42:49.608Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users  update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-40152",
        "datePublished": "2023-11-22T00:42:49.608Z",
        "dateReserved": "2023-08-18T17:42:07.401Z",
        "dateUpdated": "2024-08-29T19:51:44.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5299 (GCVE-0-2023-5299)

    Vulnerability from cvelistv5 – Published: 2023-11-22 00:41 – Updated: 2024-09-04 18:39
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator Improper Access Control
    Summary
    A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , < 4.0.19.0 (custom)
    Create a notification for this product.
    Date Public
    2023-11-22 00:41
    Credits
    Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:25.665128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T18:39:16.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.19.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-11-22T00:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T00:41:18.654Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users  update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator  Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-5299",
        "datePublished": "2023-11-22T00:41:18.654Z",
        "dateReserved": "2023-09-29T15:56:03.959Z",
        "dateUpdated": "2024-09-04T18:39:16.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3085 (GCVE-0-2022-3085)

    Vulnerability from cvelistv5 – Published: 2023-01-18 23:22 – Updated: 2025-01-16 21:59
    VLAI
    Summary
    Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-Based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , ≤ 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    Kimiya Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T20:32:10.955647Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:59:24.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": " 4.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kimiya"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-Based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-18T23:22:02.789Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to  version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-3085",
        "datePublished": "2023-01-18T23:22:02.789Z",
        "dateReserved": "2022-09-01T18:49:33.050Z",
        "dateUpdated": "2025-01-16T21:59:24.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3087 (GCVE-0-2022-3087)

    Vulnerability from cvelistv5 – Published: 2023-01-16 23:46 – Updated: 2025-01-16 22:01
    VLAI
    Summary
    Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Lite V-Simulator Affected: 0 , ≤ 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    Kimiya Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3087",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T20:32:25.399441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T22:01:32.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": " 4.0.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kimiya"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-16T23:46:24.860Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to  version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-3087",
        "datePublished": "2023-01-16T23:46:24.860Z",
        "dateReserved": "2022-09-01T18:50:35.423Z",
        "dateUpdated": "2025-01-16T22:01:32.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38419 (GCVE-0-2021-38419)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds write
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:50.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds write",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38419",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds write"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38419",
        "datePublished": "2021-12-20T20:08:50.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38413 (GCVE-0-2021-38413)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38413",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38413",
        "datePublished": "2021-12-20T20:08:49.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38415 (GCVE-0-2021-38415)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38415",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38415",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38421 (GCVE-0-2021-38421)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds read
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds read",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38421",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds read"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38421",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38401 (GCVE-0-2021-38401)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
    CWE
    • CWE-822 - - Untrusted pointer dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 - Untrusted pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:47.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38401",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822 - Untrusted pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38401",
        "datePublished": "2021-12-20T20:08:47.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38409 (GCVE-0-2021-38409)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator uninitialized pointer
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38409",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38409",
        "datePublished": "2021-12-20T20:08:46.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }