Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
24 vulnerabilities found for V-Server Lite by Fuji Electric
VAR-201809-0083
Vulnerability from variot - Updated: 2024-11-23 22:26A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. V-Server Lite 4.0.3.0 and prior versions are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "lite 4.0.3.0"
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2.1.36.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2.0.0.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
}
],
"trust": 0.7
},
"cve": "CVE-2018-10637",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10637",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10637",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-10637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10637",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10637",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2018-10637",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-575",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"description": {
"_id": null,
"data": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nV-Server Lite 4.0.3.0 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-10637",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-02",
"trust": 2.7
},
{
"db": "BID",
"id": "105328",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6376",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1023",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"id": "VAR-201809-0083",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.87058824
},
"last_update_date": "2024-11-23T22:26:14.101000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
},
{
"title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84842"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105328"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10637"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10637"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"db": "BID",
"id": "105328",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105328",
"ident": null
},
{
"date": "2018-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"date": "2018-09-13T19:29:00.277000",
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105328",
"ident": null
},
{
"date": "2018-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"date": "2024-11-21T03:41:42.753000",
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Lite Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 0.6
}
}
VAR-202101-1105
Vulnerability from variot - Updated: 2024-11-23 21:26A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"credits": {
"_id": null,
"data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22641",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22641",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17707",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22641",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22641",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22641",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22641",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22641",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-22641",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-17707",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22641",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"description": {
"_id": null,
"data": "A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22641",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-099",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11669",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-17707",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22641",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"id": "VAR-202101-1105",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17707"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17707"
}
]
},
"last_update_date": "2024-11-23T21:26:42.245000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17707)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252926"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-099/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22641"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-099",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-17707",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-22641",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22641",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-099",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17707",
"ident": null
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22641",
"ident": null
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"ident": null
},
{
"date": "2021-01-27T20:15:13.207000",
"db": "NVD",
"id": "CVE-2021-22641",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-099",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17707",
"ident": null
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22641",
"ident": null
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"ident": null
},
{
"date": "2024-11-21T05:50:22.220000",
"db": "NVD",
"id": "CVE-2021-22641",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
}
],
"trust": 0.6
}
}
VAR-202101-1104
Vulnerability from variot - Updated: 2024-11-23 20:26An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"credits": {
"_id": null,
"data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22639",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17708",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22639",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22639",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22639",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22639",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22639",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-22639",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-17708",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2398",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22639",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"description": {
"_id": null,
"data": "An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22639",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-098",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11668",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-17708",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22639",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"id": "VAR-202101-1104",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17708"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17708"
}
]
},
"last_update_date": "2024-11-23T20:26:42.576000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17708)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252906"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-098/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22639"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/824.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195684"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-098",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-17708",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-22639",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22639",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-098",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17708",
"ident": null
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22639",
"ident": null
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"ident": null
},
{
"date": "2021-01-27T20:15:12.847000",
"db": "NVD",
"id": "CVE-2021-22639",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-098",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17708",
"ident": null
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22639",
"ident": null
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"ident": null
},
{
"date": "2024-11-21T05:50:21.947000",
"db": "NVD",
"id": "CVE-2021-22639",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
}
],
"trust": 0.6
}
}
VAR-202101-1103
Vulnerability from variot - Updated: 2024-11-23 19:25Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22637",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22637",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17711",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22637",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22637",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22637",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-22637",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-17711",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2406",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22637",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"description": {
"_id": null,
"data": "Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22637",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-097",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11170",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-17711",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22637",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"id": "VAR-202101-1103",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17711"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17711"
}
]
},
"last_update_date": "2024-11-23T19:25:31.113000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252811"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-097/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22637"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-097",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-17711",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-22637",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22637",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-097",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17711",
"ident": null
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22637",
"ident": null
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"ident": null
},
{
"date": "2021-01-27T20:15:12.770000",
"db": "NVD",
"id": "CVE-2021-22637",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-097",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17711",
"ident": null
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22637",
"ident": null
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"ident": null
},
{
"date": "2024-11-21T05:50:21.713000",
"db": "NVD",
"id": "CVE-2021-22637",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
}
],
"trust": 0.6
}
}
VAR-202004-2332
Vulnerability from variot - Updated: 2022-05-17 02:08This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-453"
}
]
},
"credits": {
"_id": null,
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-453"
}
],
"trust": 0.7
},
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "ZDI-20-453",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "ZDI-20-453",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-453"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-453"
}
],
"trust": 0.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10138",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-453",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-453"
}
]
},
"id": "VAR-202004-2332",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2022-05-17T02:08:54.181000Z",
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-453",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-453",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-453",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-453"
}
],
"trust": 0.7
}
}
VAR-202004-2333
Vulnerability from variot - Updated: 2022-05-17 01:43This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-454"
}
]
},
"credits": {
"_id": null,
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-454"
}
],
"trust": 0.7
},
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "ZDI-20-454",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "ZDI-20-454",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-454"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-454"
}
],
"trust": 0.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10137",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-454",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-454"
}
]
},
"id": "VAR-202004-2333",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2022-05-17T01:43:05.050000Z",
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-454",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-454",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-454",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-454"
}
],
"trust": 0.7
}
}
VAR-202102-0298
Vulnerability from variot - Updated: 2022-05-04 09:42The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "3.3.24.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "fuji electric",
"version": "lite 3.3.24.0 \u306e\u5168\u3066"
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.24.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"credits": {
"_id": null,
"data": "Tran Van Khang - khangkito of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25171",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25171",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-25171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-25171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25171",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009656",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-25171",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1837",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"description": {
"_id": null,
"data": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25171"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "ZDI",
"id": "ZDI-20-1384"
}
],
"trust": 2.25
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-25171",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-329-02",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU97620058",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11353",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-1384",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4169",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"id": "VAR-202102-0298",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2022-05-04T09:42:08.814000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fe Library | Search Remote Control Software Documents (\u8981\u30ed\u30b0\u30a4\u30f3)",
"trust": 0.8,
"url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25171"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97620058"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25171"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4169/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1384",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-25171",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1384",
"ident": null
},
{
"date": "2020-11-26T06:26:17",
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"ident": null
},
{
"date": "2020-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"ident": null
},
{
"date": "2021-02-19T18:15:00",
"db": "NVD",
"id": "CVE-2020-25171",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1384",
"ident": null
},
{
"date": "2020-11-26T06:26:17",
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"ident": null
},
{
"date": "2021-02-25T22:16:00",
"db": "NVD",
"id": "CVE-2020-25171",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Made by Fuji Electric V-Server Lite Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
}
],
"trust": 0.6
}
}
VAR-202004-0059
Vulnerability from variot - Updated: 2022-05-04 09:21Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.9.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "fuji electric",
"version": "lite 4.0.9.0 \u306e\u5168\u3066"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"credits": {
"_id": null,
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
}
],
"trust": 1.4
},
"cve": "CVE-2020-10646",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-10646",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-10646",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-10646",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003280",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-10646",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-10646",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-003280",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-374",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10646"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10646",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-098-04",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-452",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU98887141",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10119",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-451",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10120",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47584",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47741",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1254",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"id": "VAR-202004-0059",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2022-05-04T09:21:58.233000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
},
{
"title": "Fe Library",
"trust": 0.8,
"url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
},
{
"title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115595"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-122",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10646"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98887141/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47741"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-452/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10646"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1254/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47584"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-451",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-452",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10646",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-451",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-452",
"ident": null
},
{
"date": "2020-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"ident": null
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-374",
"ident": null
},
{
"date": "2020-04-13T19:15:00",
"db": "NVD",
"id": "CVE-2020-10646",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-451",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-452",
"ident": null
},
{
"date": "2020-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"ident": null
},
{
"date": "2020-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-374",
"ident": null
},
{
"date": "2020-04-13T20:11:00",
"db": "NVD",
"id": "CVE-2020-10646",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
}
],
"trust": 0.6
}
}
CVE-2021-38421 (GCVE-0-2021-38421)
Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator out of bounds read
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.
Severity ?
7.8 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator out of bounds read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38421",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38421",
"datePublished": "2021-12-20T20:08:48.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38419 (GCVE-0-2021-38419)
Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator out of bounds write
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:50.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator out of bounds write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38419",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38419",
"datePublished": "2021-12-20T20:08:50.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38415 (GCVE-0-2021-38415)
Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38415",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38415",
"datePublished": "2021-12-20T20:08:48.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38413 (GCVE-0-2021-38413)
Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:49.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38413",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38413",
"datePublished": "2021-12-20T20:08:49.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38409 (GCVE-0-2021-38409)
Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator uninitialized pointer
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38409",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38409",
"datePublished": "2021-12-20T20:08:46.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38401 (GCVE-0-2021-38401)
Vulnerability from nvd – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
Severity ?
7.8 (High)
CWE
- CWE-822 - - Untrusted pointer dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 - Untrusted pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:47.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38401",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822 - Untrusted pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38401",
"datePublished": "2021-12-20T20:08:47.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25171 (GCVE-0-2020-25171)
Vulnerability from nvd – Published: 2021-02-19 17:06 – Updated: 2024-08-04 15:26
VLAI?
Title
Fuji Electric V-Server Lite
Summary
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 3.3.24.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:10.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "3.3.24.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T17:06:18.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
],
"source": {
"advisory": "ICSA-20-329-02",
"discovery": "UNKNOWN"
},
"title": "Fuji Electric V-Server Lite",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25171",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric V-Server Lite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.24.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
]
},
"source": {
"advisory": "ICSA-20-329-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25171",
"datePublished": "2021-02-19T17:06:18.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:10.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10637 (GCVE-0-2018-10637)
Vulnerability from nvd – Published: 2018-09-13 20:00 – Updated: 2024-09-17 01:11
VLAI?
Summary
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
Severity ?
No CVSS data available.
CWE
- CWE-120 - BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
4.0.3.0 and prior
|
Date Public ?
2018-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105328"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-14T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105328"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-10637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105328"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10637",
"datePublished": "2018-09-13T20:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:11:13.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38419 (GCVE-0-2021-38419)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator out of bounds write
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:50.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator out of bounds write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38419",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38419",
"datePublished": "2021-12-20T20:08:50.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38413 (GCVE-0-2021-38413)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:49.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38413",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator stack based buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38413",
"datePublished": "2021-12-20T20:08:49.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38415 (GCVE-0-2021-38415)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38415",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator heap based buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38415",
"datePublished": "2021-12-20T20:08:48.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38421 (GCVE-0-2021-38421)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:44
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator out of bounds read
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.
Severity ?
7.8 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator out of bounds read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38421",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator out of bounds read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38421",
"datePublished": "2021-12-20T20:08:48.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38401 (GCVE-0-2021-38401)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
Severity ?
7.8 (High)
CWE
- CWE-822 - - Untrusted pointer dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 - Untrusted pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:47.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38401",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822 - Untrusted pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38401",
"datePublished": "2021-12-20T20:08:47.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38409 (GCVE-0-2021-38409)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:08 – Updated: 2024-08-04 01:37
VLAI?
Title
Fuji Electric Tellus Lite V-Simulator uninitialized pointer
Summary
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 4.0.12.0
(custom)
|
|||||||
|
|||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:08:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38409",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric Tellus Lite V-Simulator uninitialized pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
},
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.12.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2"
}
],
"source": {
"advisory": "ICSA-21-299-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38409",
"datePublished": "2021-12-20T20:08:46.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25171 (GCVE-0-2020-25171)
Vulnerability from cvelistv5 – Published: 2021-02-19 17:06 – Updated: 2024-08-04 15:26
VLAI?
Title
Fuji Electric V-Server Lite
Summary
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
unspecified , < 3.3.24.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:10.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "3.3.24.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T17:06:18.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
],
"source": {
"advisory": "ICSA-20-329-02",
"discovery": "UNKNOWN"
},
"title": "Fuji Electric V-Server Lite",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25171",
"STATE": "PUBLIC",
"TITLE": "Fuji Electric V-Server Lite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.24.0"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
]
},
"source": {
"advisory": "ICSA-20-329-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25171",
"datePublished": "2021-02-19T17:06:18.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:10.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10637 (GCVE-0-2018-10637)
Vulnerability from cvelistv5 – Published: 2018-09-13 20:00 – Updated: 2024-09-17 01:11
VLAI?
Summary
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
Severity ?
No CVSS data available.
CWE
- CWE-120 - BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server Lite |
Affected:
4.0.3.0 and prior
|
Date Public ?
2018-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105328"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server Lite",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-14T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105328"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-10637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server Lite",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105328"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10637",
"datePublished": "2018-09-13T20:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:11:13.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}