Search

Find a vulnerability

Search criteria

    27 vulnerabilities found for V-Server by Fuji Electric

    VAR-201707-1005

    Vulnerability from variot - Updated: 2025-04-20 23:04

    An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1005",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "3.3.22.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "3.3.22.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=3.3.22.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-9639",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9639",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9639",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22993",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9639",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9639",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9639",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2017-9639",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22993",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-864",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition.  An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9639",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-192-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "99544",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4030",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-192-03",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "D5865A84-E9FB-47B5-8F83-EDAC0330897F",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "id": "VAR-201707-1005",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          }
        ],
        "trust": 1.67058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:04:20.729000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02"
          },
          {
            "title": "Fuji Electric V-Server Memory Corruption Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/100865"
          },
          {
            "title": "Fuji Electric V-Server Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99873"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/99544"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9639"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9639"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-03"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "date": "2017-07-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "BID",
            "id": "99544"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "date": "2017-07-17T19:29:00.340000",
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "BID",
            "id": "99544"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Memory corruption vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201802-1045

    Vulnerability from variot - Updated: 2024-11-23 22:38

    A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric, Japan, and VPR is an array-based FPGA layout tool. Failed exploit attempts will likely cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-1045",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server vpr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.1.0"
          },
          {
            "model": "v-server vpr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.1.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.1.0"
          },
          {
            "model": "v-server vpr",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server vpr",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "BID",
            "id": "102903"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:fujielectric:v-server_vpr_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "BID",
            "id": "102903"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2018-5442",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5442",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5442",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-02828",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-135473",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5442",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-5442",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5442",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5442",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-5442",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-02828",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-109",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135473",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files.  The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer.  An attacker can leverage this vulnerability to execute code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric, Japan, and VPR is an array-based FPGA layout tool. Failed exploit attempts will likely cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5442"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "BID",
            "id": "102903"
          },
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135473"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5442",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-032-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "102903",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5383",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-160",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2E378A3-39AB-11E9-A97C-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99015",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-135473",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135473"
          },
          {
            "db": "BID",
            "id": "102903"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "id": "VAR-201802-1045",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135473"
          }
        ],
        "trust": 1.7671123199999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:38:16.149000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-01"
          },
          {
            "title": "Patch for Fuji Electric V-Server VPR Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/115813"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78267"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-032-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/102903"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5442"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5442"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135473"
          },
          {
            "db": "BID",
            "id": "102903"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135473"
          },
          {
            "db": "BID",
            "id": "102903"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-06T00:00:00",
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "date": "2018-02-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "date": "2018-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "date": "2018-02-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135473"
          },
          {
            "date": "2018-02-01T00:00:00",
            "db": "BID",
            "id": "102903"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "date": "2018-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          },
          {
            "date": "2018-02-05T18:29:00.310000",
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-160"
          },
          {
            "date": "2018-02-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-02828"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135473"
          },
          {
            "date": "2018-02-01T00:00:00",
            "db": "BID",
            "id": "102903"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "date": "2020-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          },
          {
            "date": "2024-11-21T04:08:48.807000",
            "db": "NVD",
            "id": "CVE-2018-5442"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server VPR Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-109"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201906-0327

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0327",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "fuji electric",
            "version": "6.0.33.0"
          },
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.0.33.0"
          },
          {
            "model": "electric v-server",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.0.33.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.9.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.8.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.7.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.6.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.5.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.4.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.32.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.31.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.30.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.3.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.29.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.28.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.27.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.26.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.25.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.24.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.23.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.22.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.21.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.20.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.2.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.19.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.18.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.17.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.16.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.15.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.14.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.13.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.12.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.11.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.10.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.33.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-3946",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3946",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-3946",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-25688",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3946",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-3946",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3946",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3946",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3946",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-25688",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-559",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3946",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          }
        ],
        "trust": 3.42
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3946",
            "trust": 4.4
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-27",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "108740",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B858CD6C-22D1-49A4-A77A-E989933C9367",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "id": "VAR-201906-0327",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          }
        ],
        "trust": 1.56029412
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:33:54.410000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "V-Server",
            "trust": 1.6,
            "url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
          },
          {
            "title": "Fuji Electric V-Server enters a patch to verify the error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/172789"
          },
          {
            "title": "Fuji Electric V-Server Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93791"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.2,
            "url": "https://www.tenable.com/security/research/tra-2019-27"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/108740"
          },
          {
            "trust": 0.9,
            "url": "http://www.fujielectric.com/"
          },
          {
            "trust": 0.9,
            "url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3946"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3946"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/190.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-02T00:00:00",
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "date": "2019-08-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "date": "2019-06-12T15:29:00.863000",
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "date": "2019-06-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "date": "2024-11-21T04:42:55.280000",
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Input validation error vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201906-0328

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0328",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.0.33.0"
          },
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "6.0.33.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.9.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.8.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.7.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.6.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.5.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.4.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.32.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.31.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.30.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.3.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.29.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.28.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.27.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.26.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.25.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.24.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.23.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.22.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.21.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.20.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.2.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.19.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.18.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.17.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.16.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.15.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.14.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.13.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.12.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.11.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.10.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.33.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-3947",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3947",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3947",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3947",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3947",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-558",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3947",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TENABLE",
            "id": "TRA-2019-27",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "108740",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3947",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "id": "VAR-201906-0328",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.65
      },
      "last_update_date": "2024-11-23T22:33:54.379000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "V-Server",
            "trust": 0.8,
            "url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
          },
          {
            "title": "Fuji Electric V-Server Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93790"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.tenable.com/security/research/tra-2019-27"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/108740"
          },
          {
            "trust": 0.9,
            "url": "http://www.fujielectric.com/"
          },
          {
            "trust": 0.9,
            "url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/522.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "date": "2019-06-12T15:29:00.910000",
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "date": "2024-11-21T04:42:55.407000",
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Vulnerabilities related to certificate and password management",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1048

    Vulnerability from variot - Updated: 2024-11-23 22:29

    In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data.

    A buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 3.5,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "kimiya of 9SG",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ],
        "trust": 4.1
      },
      "cve": "CVE-2019-18240",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-18240",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-41427",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-18240",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 3.5,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-18240",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-18240",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2019-18240",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-18240",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-18240",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41427",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-426",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer.  An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. \n\nA buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          }
        ],
        "trust": 5.49
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18240",
            "trust": 6.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-311-02",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971",
            "trust": 1.3
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4210",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8848",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8931",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8844",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8904",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8932",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "C161EB5B-3004-48C3-93E9-62AC80F32CD5",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "id": "VAR-201911-1048",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          }
        ],
        "trust": 1.67058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:50.428000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability (CNVD-2019-41427)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/191105"
          },
          {
            "title": "Fuji Electric V-Server Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103039"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 7.1,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18240"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4210/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18240"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-971/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-11-20T00:00:00",
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-968",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-970",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-967",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-969",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-971",
            "ident": null
          },
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "ident": null
          },
          {
            "date": "2019-11-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "ident": null
          },
          {
            "date": "2019-11-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "ident": null
          },
          {
            "date": "2019-11-13T23:15:11.433000",
            "db": "NVD",
            "id": "CVE-2019-18240",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-968",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-970",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-967",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-969",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-971",
            "ident": null
          },
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "ident": null
          },
          {
            "date": "2019-11-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "ident": null
          },
          {
            "date": "2020-07-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "ident": null
          },
          {
            "date": "2024-11-21T04:32:54.107000",
            "db": "NVD",
            "id": "CVE-2019-18240",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          }
        ],
        "trust": 3.5
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0083

    Vulnerability from variot - Updated: 2024-11-23 22:26

    A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. V-Server Lite 4.0.3.0 and prior versions are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "lite 4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "2.1.36.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "2.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-10637",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10637",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10637",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-10637",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10637",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10637",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-10637",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-575",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nV-Server Lite 4.0.3.0 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10637",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105328",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6376",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "id": "VAR-201809-0083",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.87058824
      },
      "last_update_date": "2024-11-23T22:26:14.101000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
          },
          {
            "title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84842"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105328"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10637"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10637"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "date": "2018-12-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "date": "2018-09-13T19:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "date": "2018-12-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "date": "2024-11-21T03:41:42.753000",
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0157

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0157",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ghirmay Desta",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-14823",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14823",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14823",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-19612",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125021",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14823",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14823",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14823",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14823",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-14823",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-19612",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-582",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125021",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14823",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5889",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD1B23-39AB-11E9-8157-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "id": "VAR-201809-0157",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:24.141000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/140889"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84850"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14823"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14823"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-21T00:00:00",
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "date": "2018-09-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "date": "2018-09-26T20:29:00.980000",
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "date": "2020-08-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "date": "2024-11-21T03:49:52.330000",
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0153

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. An integer underflow vulnerability 6. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-14815",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14815",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14815",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20785",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125012",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14815",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14815",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14815",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14815",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20785",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-579",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125012",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. An integer underflow vulnerability\n6. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14815",
            "trust": 5.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5881",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5882",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD6941-39AB-11E9-AEED-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "id": "VAR-201809-0153",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:24.091000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric V-Server patch for out-of-bounds write vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142221"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84846"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14815"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14815"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "ident": null
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125012",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "ident": null
          },
          {
            "date": "2018-09-26T20:29:00.620000",
            "db": "NVD",
            "id": "CVE-2018-14815",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "ident": null
          },
          {
            "date": "2018-11-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125012",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "ident": null
          },
          {
            "date": "2024-11-21T03:49:51.263000",
            "db": "NVD",
            "id": "CVE-2018-14815",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Vulnerable to out-of-bounds writing",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0150

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0150",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-14809",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14809",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14809",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-19868",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d85b770-463f-11e9-a599-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125005",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14809",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14809",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14809",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14809",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-19868",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-576",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d85b770-463f-11e9-a599-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125005",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          }
        ],
        "trust": 3.69
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14809",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5885",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5877",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D85B770-463F-11E9-A599-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "id": "VAR-201809-0150",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:24.046000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/141099"
          },
          {
            "title": "Fuji Electric V-Server VPR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84843"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14809"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14809"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-27T00:00:00",
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "date": "2018-09-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "date": "2018-09-26T20:29:00.293000",
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "date": "2019-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "date": "2024-11-21T03:49:50.547000",
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0152

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0152",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-14813",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14813",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14813",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20754",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125010",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14813",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14813",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14813",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14813",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14813",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20754",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-578",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125010",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14813",
            "trust": 5.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5883",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5879",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD1B22-39AB-11E9-970B-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "id": "VAR-201809-0152",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.999000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142229"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84845"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14813"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14813"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "date": "2018-09-26T20:29:00.510000",
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "date": "2020-08-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "date": "2024-11-21T03:49:50.993000",
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0151

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 3.5,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2018-14811",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14811",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 3.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14811",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-03306",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d85de80-463f-11e9-8522-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125008",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14811",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14811",
                "trust": 3.5,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14811",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14811",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-03306",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-577",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d85de80-463f-11e9-8522-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125008",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer.  An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14811",
            "trust": 7.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5880",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5878",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5886",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5888",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5887",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D85DE80-463F-11E9-8522-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "id": "VAR-201809-0151",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.937000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric V-Server releases patches for reusing vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/152185"
          },
          {
            "title": "Fuji Electric V-Server VPR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84844"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-822",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 6.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14811"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14811"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-01-30T00:00:00",
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "ident": null
          },
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "ident": null
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125008",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "ident": null
          },
          {
            "date": "2018-09-26T20:29:00.403000",
            "db": "NVD",
            "id": "CVE-2018-14811",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "ident": null
          },
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125008",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "ident": null
          },
          {
            "date": "2024-11-21T03:49:50.773000",
            "db": "NVD",
            "id": "CVE-2018-14811",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server VPR File Parsing CArchive Read Untrusted Pointer Dereference Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          }
        ],
        "trust": 2.1
      },
      "type": {
        "_id": null,
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0154

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0154",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley (mr_me) of Source Incite and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
        "sources": [
          {
            "db": "BID",
            "id": "105341"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-14817",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14817",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20784",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125014",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14817",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14817",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14817",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20784",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-580",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125014",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14817",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2FD6940-39AB-11E9-8108-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "id": "VAR-201809-0154",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.896000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Patch for Fuji Electric V-Server Integer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142217"
          },
          {
            "title": "Fuji Electric V-Server VPR Fixes for digital error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84847"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-191",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14817"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14817"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "date": "2018-09-26T20:29:00.747000",
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "date": "2024-11-21T03:49:51.510000",
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Integer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0155

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-14819",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14819",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14819",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20780",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125016",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14819",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14819",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14819",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-14819",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20780",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-581",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125016",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14819",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5884",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD422F-39AB-11E9-AF52-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "id": "VAR-201809-0155",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.853000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "Fuji Electric V-Server cross-border read vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142203"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84848"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14819"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14819"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "ident": null
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125016",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "ident": null
          },
          {
            "date": "2018-09-26T20:29:00.870000",
            "db": "NVD",
            "id": "CVE-2018-14819",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125016",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "ident": null
          },
          {
            "date": "2024-11-21T03:49:51.803000",
            "db": "NVD",
            "id": "CVE-2018-14819",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202102-0298

    Vulnerability from variot - Updated: 2022-05-04 09:42

    The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "3.3.24.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "lite 3.3.24.0 \u306e\u5168\u3066"
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.3.24.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Tran Van Khang - khangkito of VinCSS (Member of Vingroup)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-25171",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-25171",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-25171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009656",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-25171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-25171",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-009656",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-25171",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-1837",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files.  The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-25171",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-329-02",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU97620058",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11353",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4169",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "id": "VAR-202102-0298",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2022-05-04T09:42:08.814000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fe Library | Search Remote Control Software Documents (\u8981\u30ed\u30b0\u30a4\u30f3)",
            "trust": 0.8,
            "url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25171"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97620058"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25171"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4169/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "ident": null
          },
          {
            "date": "2020-11-26T06:26:17",
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "ident": null
          },
          {
            "date": "2020-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "ident": null
          },
          {
            "date": "2021-02-19T18:15:00",
            "db": "NVD",
            "id": "CVE-2020-25171",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "ident": null
          },
          {
            "date": "2020-11-26T06:26:17",
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "ident": null
          },
          {
            "date": "2021-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "ident": null
          },
          {
            "date": "2021-02-25T22:16:00",
            "db": "NVD",
            "id": "CVE-2020-25171",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Made by Fuji Electric  V-Server Lite Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0059

    Vulnerability from variot - Updated: 2022-05-04 09:21

    Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.9.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "lite 4.0.9.0 \u306e\u5168\u3066"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2020-10646",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-10646",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-10646",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-10646",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003280",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2020-10646",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-10646",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-003280",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-374",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10646",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-098-04",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452",
            "trust": 1.3
          },
          {
            "db": "JVN",
            "id": "JVNVU98887141",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10119",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-451",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10120",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "47584",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47741",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1254",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "id": "VAR-202004-0059",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2022-05-04T09:21:58.233000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
          },
          {
            "title": "Fe Library",
            "trust": 0.8,
            "url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
          },
          {
            "title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115595"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-122",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10646"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98887141/index.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47741"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-452/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10646"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1254/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47584"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-451",
            "ident": null
          },
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-452",
            "ident": null
          },
          {
            "date": "2020-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "ident": null
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "ident": null
          },
          {
            "date": "2020-04-13T19:15:00",
            "db": "NVD",
            "id": "CVE-2020-10646",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-451",
            "ident": null
          },
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-452",
            "ident": null
          },
          {
            "date": "2020-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "ident": null
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "ident": null
          },
          {
            "date": "2020-04-13T20:11:00",
            "db": "NVD",
            "id": "CVE-2020-10646",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-14823 (GCVE-0-2018-14823)

    Vulnerability from nvd – Published: 2018-09-26 20:00 – Updated: 2024-09-17 02:16
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14823",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:13.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14819 (GCVE-0-2018-14819)

    Vulnerability from nvd – Published: 2018-09-26 20:00 – Updated: 2024-09-16 16:47
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14819",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14819",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:47:54.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14817 (GCVE-0-2018-14817)

    Vulnerability from nvd – Published: 2018-09-26 20:00 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-191 - INTEGER UNDERFLOW CWE-191
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.911Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "INTEGER UNDERFLOW CWE-191",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14817",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INTEGER UNDERFLOW CWE-191"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14817",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:53.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14813 (GCVE-0-2018-14813)

    Vulnerability from nvd – Published: 2018-09-26 20:00 – Updated: 2024-09-17 01:26
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:14.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14813",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14813",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:31.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14811 (GCVE-0-2018-14811)

    Vulnerability from nvd – Published: 2018-09-26 20:00 – Updated: 2024-09-16 20:41
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.982Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14811",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:41:49.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14809 (GCVE-0-2018-14809)

    Vulnerability from nvd – Published: 2018-09-26 20:00 – Updated: 2024-09-16 22:03
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:14.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "USE AFTER FREE CWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T19:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE AFTER FREE CWE-416"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14809",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:03:37.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14819 (GCVE-0-2018-14819)

    Vulnerability from cvelistv5 – Published: 2018-09-26 20:00 – Updated: 2024-09-16 16:47
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14819",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14819",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:47:54.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14823 (GCVE-0-2018-14823)

    Vulnerability from cvelistv5 – Published: 2018-09-26 20:00 – Updated: 2024-09-17 02:16
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14823",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:13.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14809 (GCVE-0-2018-14809)

    Vulnerability from cvelistv5 – Published: 2018-09-26 20:00 – Updated: 2024-09-16 22:03
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:14.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "USE AFTER FREE CWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T19:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE AFTER FREE CWE-416"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14809",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:03:37.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14811 (GCVE-0-2018-14811)

    Vulnerability from cvelistv5 – Published: 2018-09-26 20:00 – Updated: 2024-09-16 20:41
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.982Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14811",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:41:49.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14817 (GCVE-0-2018-14817)

    Vulnerability from cvelistv5 – Published: 2018-09-26 20:00 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-191 - INTEGER UNDERFLOW CWE-191
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.911Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "INTEGER UNDERFLOW CWE-191",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14817",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INTEGER UNDERFLOW CWE-191"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14817",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:53.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14813 (GCVE-0-2018-14813)

    Vulnerability from cvelistv5 – Published: 2018-09-26 20:00 – Updated: 2024-09-17 01:26
    VLAI
    Summary
    Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:14.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
              },
              {
                "name": "105341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
            },
            {
              "name": "105341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-14813",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
                },
                {
                  "name": "105341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14813",
        "datePublished": "2018-09-26T20:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:31.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }