Search

Find a vulnerability

Search criteria

    24 vulnerabilities found for V-Server Lite by Fuji Electric

    VAR-201809-0083

    Vulnerability from variot - Updated: 2024-11-23 22:26

    A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. V-Server Lite 4.0.3.0 and prior versions are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "lite 4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "2.1.36.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "2.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-10637",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10637",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10637",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-10637",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10637",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10637",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-10637",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-575",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nV-Server Lite 4.0.3.0 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10637",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105328",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6376",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "id": "VAR-201809-0083",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.87058824
      },
      "last_update_date": "2024-11-23T22:26:14.101000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
          },
          {
            "title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84842"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105328"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10637"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10637"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "date": "2018-12-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "date": "2018-09-13T19:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "date": "2018-12-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "date": "2024-11-21T03:41:42.753000",
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1105

    Vulnerability from variot - Updated: 2024-11-23 21:26

    A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-22641",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22641",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17707",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22641",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22641",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22641",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22641",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22641",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-22641",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17707",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2393",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22641",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files.  The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer.  An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22641",
            "trust": 3.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-099",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11669",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "id": "VAR-202101-1105",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:26:42.245000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17707)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252926"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 2.5,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-099/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22641"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-099",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "ident": null
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "ident": null
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "ident": null
          },
          {
            "date": "2021-01-27T20:15:13.207000",
            "db": "NVD",
            "id": "CVE-2021-22641",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-06-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-099",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "ident": null
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "ident": null
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "ident": null
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "ident": null
          },
          {
            "date": "2024-11-21T05:50:22.220000",
            "db": "NVD",
            "id": "CVE-2021-22641",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1104

    Vulnerability from variot - Updated: 2024-11-23 20:26

    An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-22639",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22639",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17708",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22639",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22639",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22639",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22639",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22639",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-22639",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17708",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2398",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22639",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22639",
            "trust": 3.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-098",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11668",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "id": "VAR-202101-1104",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:26:42.576000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17708)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252906"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-824",
            "trust": 1.0
          },
          {
            "problemtype": "Accessing uninitialized pointers (CWE-824) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 2.5,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-098/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22639"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/824.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195684"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-098",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "ident": null
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "ident": null
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "ident": null
          },
          {
            "date": "2021-01-27T20:15:12.847000",
            "db": "NVD",
            "id": "CVE-2021-22639",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-06-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-098",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "ident": null
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "ident": null
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "ident": null
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "ident": null
          },
          {
            "date": "2024-11-21T05:50:21.947000",
            "db": "NVD",
            "id": "CVE-2021-22639",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Vulnerability in accessing uninitialized pointers in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1103

    Vulnerability from variot - Updated: 2024-11-23 19:25

    Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-22637",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22637",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17711",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22637",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22637",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22637",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22637",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22637",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-22637",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17711",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2406",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22637",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files.  The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22637",
            "trust": 3.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-097",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11170",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "id": "VAR-202101-1103",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:25:31.113000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252811"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 2.5,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-097/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22637"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-097",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "ident": null
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "ident": null
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "ident": null
          },
          {
            "date": "2021-01-27T20:15:12.770000",
            "db": "NVD",
            "id": "CVE-2021-22637",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-097",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "ident": null
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "ident": null
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "ident": null
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "ident": null
          },
          {
            "date": "2024-11-21T05:50:21.713000",
            "db": "NVD",
            "id": "CVE-2021-22637",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-2332

    Vulnerability from variot - Updated: 2022-05-17 02:08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-453"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-453"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "ZDI-20-453",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-20-453",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-453"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-453"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10138",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-453",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-453"
          }
        ]
      },
      "id": "VAR-202004-2332",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2022-05-17T02:08:54.181000Z",
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-453",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-453",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-453",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-453"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-202004-2333

    Vulnerability from variot - Updated: 2022-05-17 01:43

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-454"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-454"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "ZDI-20-454",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-20-454",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-454"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-454"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10137",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-454",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-454"
          }
        ]
      },
      "id": "VAR-202004-2333",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2022-05-17T01:43:05.050000Z",
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-454",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-454",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-454",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-454"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-202102-0298

    Vulnerability from variot - Updated: 2022-05-04 09:42

    The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "3.3.24.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "lite 3.3.24.0 \u306e\u5168\u3066"
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.3.24.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Tran Van Khang - khangkito of VinCSS (Member of Vingroup)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-25171",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-25171",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-25171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009656",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-25171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-25171",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-009656",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-25171",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-1837",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files.  The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-25171",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-329-02",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU97620058",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11353",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4169",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "id": "VAR-202102-0298",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2022-05-04T09:42:08.814000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fe Library | Search Remote Control Software Documents (\u8981\u30ed\u30b0\u30a4\u30f3)",
            "trust": 0.8,
            "url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25171"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97620058"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25171"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4169/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25171",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "ident": null
          },
          {
            "date": "2020-11-26T06:26:17",
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "ident": null
          },
          {
            "date": "2020-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "ident": null
          },
          {
            "date": "2021-02-19T18:15:00",
            "db": "NVD",
            "id": "CVE-2020-25171",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1384",
            "ident": null
          },
          {
            "date": "2020-11-26T06:26:17",
            "db": "JVNDB",
            "id": "JVNDB-2020-009656",
            "ident": null
          },
          {
            "date": "2021-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1837",
            "ident": null
          },
          {
            "date": "2021-02-25T22:16:00",
            "db": "NVD",
            "id": "CVE-2020-25171",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Made by Fuji Electric  V-Server Lite Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009656"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1837"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0059

    Vulnerability from variot - Updated: 2022-05-04 09:21

    Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.9.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "lite 4.0.9.0 \u306e\u5168\u3066"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2020-10646",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-10646",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-10646",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-10646",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003280",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2020-10646",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-10646",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-003280",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-374",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10646",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-098-04",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452",
            "trust": 1.3
          },
          {
            "db": "JVN",
            "id": "JVNVU98887141",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10119",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-451",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10120",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "47584",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47741",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1254",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "id": "VAR-202004-0059",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2022-05-04T09:21:58.233000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
          },
          {
            "title": "Fe Library",
            "trust": 0.8,
            "url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
          },
          {
            "title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115595"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-122",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10646"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98887141/index.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47741"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-452/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10646"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1254/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47584"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10646",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-451",
            "ident": null
          },
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-452",
            "ident": null
          },
          {
            "date": "2020-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "ident": null
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "ident": null
          },
          {
            "date": "2020-04-13T19:15:00",
            "db": "NVD",
            "id": "CVE-2020-10646",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-451",
            "ident": null
          },
          {
            "date": "2020-04-09T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-452",
            "ident": null
          },
          {
            "date": "2020-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003280",
            "ident": null
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-374",
            "ident": null
          },
          {
            "date": "2020-04-13T20:11:00",
            "db": "NVD",
            "id": "CVE-2020-10646",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-451"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-452"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-374"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2021-38421 (GCVE-0-2021-38421)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds read
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds read",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38421",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds read"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38421",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38419 (GCVE-0-2021-38419)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds write
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:50.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds write",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38419",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds write"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38419",
        "datePublished": "2021-12-20T20:08:50.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38415 (GCVE-0-2021-38415)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38415",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38415",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38413 (GCVE-0-2021-38413)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38413",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38413",
        "datePublished": "2021-12-20T20:08:49.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38409 (GCVE-0-2021-38409)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator uninitialized pointer
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38409",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38409",
        "datePublished": "2021-12-20T20:08:46.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38401 (GCVE-0-2021-38401)

    Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
    CWE
    • CWE-822 - - Untrusted pointer dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 - Untrusted pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:47.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38401",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822 - Untrusted pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38401",
        "datePublished": "2021-12-20T20:08:47.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25171 (GCVE-0-2020-25171)

    Vulnerability from nvd – Published: 2021-02-19 17:06 – Updated: 2024-08-04 15:26
    VLAI
    Title
    Fuji Electric V-Server Lite
    Summary
    The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 3.3.24.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "3.3.24.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "OUT-OF-BOUNDS WRITE CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T17:06:18.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
            }
          ],
          "source": {
            "advisory": "ICSA-20-329-02",
            "discovery": "UNKNOWN"
          },
          "title": "Fuji Electric V-Server Lite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-25171",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric V-Server Lite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.3.24.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS WRITE CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
                }
              ]
            },
            "source": {
              "advisory": "ICSA-20-329-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25171",
        "datePublished": "2021-02-19T17:06:18.000Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:26:10.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10637 (GCVE-0-2018-10637)

    Vulnerability from nvd – Published: 2018-09-13 20:00 – Updated: 2024-09-17 01:11
    VLAI
    Summary
    A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
    Severity
    No CVSS data available.
    CWE
    • CWE-120 - BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:47.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105328",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105328"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-14T09:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "105328",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105328"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-10637",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105328",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105328"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10637",
        "datePublished": "2018-09-13T20:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:11:13.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38419 (GCVE-0-2021-38419)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds write
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:50.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds write",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38419",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds write"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38419",
        "datePublished": "2021-12-20T20:08:50.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38413 (GCVE-0-2021-38413)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38413",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38413",
        "datePublished": "2021-12-20T20:08:49.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38415 (GCVE-0-2021-38415)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38415",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38415",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38421 (GCVE-0-2021-38421)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator out of bounds read
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:48.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator out of bounds read",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38421",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds read"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38421",
        "datePublished": "2021-12-20T20:08:48.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:44:22.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38401 (GCVE-0-2021-38401)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
    CWE
    • CWE-822 - - Untrusted pointer dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 - Untrusted pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:47.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38401",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822 - Untrusted pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38401",
        "datePublished": "2021-12-20T20:08:47.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38409 (GCVE-0-2021-38409)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
    VLAI
    Title
    Fuji Electric Tellus Lite V-Simulator uninitialized pointer
    Summary
    Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Fuji Electric Tellus Lite V-Simulator Affected: unspecified , < 4.0.12.0 (custom)
    Create a notification for this product.
    Credits
    kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Tellus Lite V-Simulator",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "4.0.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:08:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
            }
          ],
          "source": {
            "advisory": "ICSA-21-299-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-38409",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Tellus Lite V-Simulator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.0.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
              }
            ],
            "source": {
              "advisory": "ICSA-21-299-01",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38409",
        "datePublished": "2021-12-20T20:08:46.000Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:37:16.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25171 (GCVE-0-2020-25171)

    Vulnerability from cvelistv5 – Published: 2021-02-19 17:06 – Updated: 2024-08-04 15:26
    VLAI
    Title
    Fuji Electric V-Server Lite
    Summary
    The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: unspecified , < 3.3.24.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "3.3.24.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "OUT-OF-BOUNDS WRITE CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T17:06:18.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
            }
          ],
          "source": {
            "advisory": "ICSA-20-329-02",
            "discovery": "UNKNOWN"
          },
          "title": "Fuji Electric V-Server Lite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-25171",
              "STATE": "PUBLIC",
              "TITLE": "Fuji Electric V-Server Lite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.3.24.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS WRITE CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
                }
              ]
            },
            "source": {
              "advisory": "ICSA-20-329-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25171",
        "datePublished": "2021-02-19T17:06:18.000Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:26:10.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10637 (GCVE-0-2018-10637)

    Vulnerability from cvelistv5 – Published: 2018-09-13 20:00 – Updated: 2024-09-17 01:11
    VLAI
    Summary
    A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
    Severity
    No CVSS data available.
    CWE
    • CWE-120 - BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fuji Electric V-Server Lite Affected: 4.0.3.0 and prior
    Create a notification for this product.
    Date Public
    2018-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:47.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105328",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105328"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server Lite",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.3.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-14T09:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "105328",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105328"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-11T00:00:00",
              "ID": "CVE-2018-10637",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V-Server Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0.3.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fuji Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105328",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105328"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10637",
        "datePublished": "2018-09-13T20:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:11:13.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }