Search

Find a vulnerability

Search criteria

    81 vulnerabilities found for v-server by fujielectric

    VAR-202301-0098

    Vulnerability from variot - Updated: 2025-08-17 23:31

    Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0098",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.12.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "v4.0.12.0  and earlier"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.12.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "cve": "CVE-2022-47317",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-18183",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-47317",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002838",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47317",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47317",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002838",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-18183",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202301-102",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47317"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU92811888",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47317",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "id": "VAR-202301-0098",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          }
        ],
        "trust": 1.47058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          }
        ]
      },
      "last_update_date": "2025-08-17T23:31:57.855000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Improvement information \u00a022C0S04",
            "trust": 0.8,
            "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
          },
          {
            "title": "Patch for Fuji Electric V-Server Out-of-Bounds Write Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717856"
          },
          {
            "title": "Fuji Electric V-Server Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220828"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-47317 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds read (CWE-125) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://jvn.jp/en/vu/jvnvu92811888/index.html"
          },
          {
            "trust": 2.3,
            "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
          },
          {
            "trust": 1.2,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47317/"
          },
          {
            "trust": 1.2,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002838.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92811888/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-47317"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47317"
          },
          {
            "date": "2023-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          },
          {
            "date": "2023-01-03T03:15:10.857000",
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18183"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47317"
          },
          {
            "date": "2023-01-04T03:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          },
          {
            "date": "2025-04-10T15:15:57.253000",
            "db": "NVD",
            "id": "CVE-2022-47317"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Fuji Electric \u00a0V-Server\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-102"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202301-0096

    Vulnerability from variot - Updated: 2025-08-17 23:31

    Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data.

    Fuji Electric V-Server contains a buffer overflow vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0096",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.12.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "v4.0.12.0  and earlier"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.12.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "cve": "CVE-2022-47908",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-18182",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-47908",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002838",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47908",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47908",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002838",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-18182",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202301-101",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data. \n\nFuji Electric V-Server contains a buffer overflow vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47908"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47908",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU92811888",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47908",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "id": "VAR-202301-0096",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          }
        ],
        "trust": 1.47058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          }
        ]
      },
      "last_update_date": "2025-08-17T23:31:57.823000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Improvement information \u00a022C0S04",
            "trust": 0.8,
            "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
          },
          {
            "title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717836"
          },
          {
            "title": "Fuji Electric V-Server Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220827"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-47908 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds read (CWE-125) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://jvn.jp/en/vu/jvnvu92811888/index.html"
          },
          {
            "trust": 2.3,
            "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
          },
          {
            "trust": 1.2,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47908/"
          },
          {
            "trust": 1.2,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002838.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92811888/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-47908"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47908"
          },
          {
            "date": "2023-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          },
          {
            "date": "2023-01-03T03:15:10.990000",
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18182"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47908"
          },
          {
            "date": "2023-01-04T03:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          },
          {
            "date": "2025-04-10T16:15:26.813000",
            "db": "NVD",
            "id": "CVE-2022-47908"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Fuji Electric \u00a0V-Server\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-101"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202301-0097

    Vulnerability from variot - Updated: 2025-08-17 23:31

    Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data.

    An out-of-bounds read vulnerability exists in Fuji Electric V-Server

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0097",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.12.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "v4.0.12.0  and earlier"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.12.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "cve": "CVE-2022-41645",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-18184",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-41645",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002838",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-41645",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-41645",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002838",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-18184",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202301-111",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data. \n\nAn out-of-bounds read vulnerability exists in Fuji Electric V-Server",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-41645"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-41645",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU92811888",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-41645",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-41645"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "id": "VAR-202301-0097",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          }
        ],
        "trust": 1.47058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          }
        ]
      },
      "last_update_date": "2025-08-17T23:31:57.792000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Improvement information \u00a022C0S04",
            "trust": 0.8,
            "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
          },
          {
            "title": "Patch for Fuji Electric V-Server Out-of-Bounds Read Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/717871"
          },
          {
            "title": "Fuji Electric V-Server Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220834"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-41645 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-41645"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds read (CWE-125) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu92811888/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92811888/index.html"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-41645"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-41645/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002838.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-41645"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-41645"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-41645"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-41645"
          },
          {
            "date": "2023-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          },
          {
            "date": "2023-01-03T03:15:10.047000",
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18184"
          },
          {
            "date": "2023-01-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-41645"
          },
          {
            "date": "2023-01-04T03:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          },
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          },
          {
            "date": "2025-04-10T17:15:34.790000",
            "db": "NVD",
            "id": "CVE-2022-41645"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Fuji Electric \u00a0V-Server\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002838"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202301-111"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202311-0454

    Vulnerability from variot - Updated: 2025-07-28 23:11

    Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed. Fuji Electric's V-Server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric V-Server and Fuji Electric V-Server Lite are both products of Fuji Electric Corporation of Japan. Fuji Electric V-Server is a set of software for collecting and managing real-time field data. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information from devices such as PLCs, temperature controllers, inverters, etc.

    Fuji Electric V-Server/V-Server Lite has a buffer overflow vulnerability, which is caused by a boundary error when the application processes untrusted input

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202311-0454",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.18.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "4.0.18.0  and earlier"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.18.0"
          },
          {
            "model": "electric v-server lite",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.18.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "cve": "CVE-2023-47586",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-16676",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2023-47586",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-47586",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-47586",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-47586",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-16676",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed. Fuji Electric\u0027s V-Server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric V-Server and Fuji Electric V-Server Lite are both products of Fuji Electric Corporation of Japan. Fuji Electric V-Server is a set of software for collecting and managing real-time field data. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information from devices such as PLCs, temperature controllers, inverters, etc. \n\nFuji Electric V-Server/V-Server Lite has a buffer overflow vulnerability, which is caused by a boundary error when the application processes untrusted input",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-47586"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-47586",
            "trust": 3.2
          },
          {
            "db": "JVN",
            "id": "JVNVU93840158",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "id": "VAR-202311-0454",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          }
        ],
        "trust": 1.47058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          }
        ]
      },
      "last_update_date": "2025-07-28T23:11:21.235000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Fuji Electric V-Server/V-Server Lite Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/711321"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://jvn.jp/en/vu/jvnvu93840158/"
          },
          {
            "trust": 1.8,
            "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
          },
          {
            "trust": 1.8,
            "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-47586"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          },
          {
            "date": "2024-01-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "date": "2023-11-15T06:15:28.303000",
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16676"
          },
          {
            "date": "2024-01-09T01:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          },
          {
            "date": "2023-11-21T21:49:07.800000",
            "db": "NVD",
            "id": "CVE-2023-47586"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0V-Server\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017368"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201707-1005

    Vulnerability from variot - Updated: 2025-04-20 23:04

    An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1005",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "3.3.22.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "3.3.22.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=3.3.22.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-9639",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9639",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9639",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22993",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9639",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9639",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9639",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2017-9639",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22993",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-864",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition.  An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9639",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-192-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "99544",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4030",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-192-03",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "D5865A84-E9FB-47B5-8F83-EDAC0330897F",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "id": "VAR-201707-1005",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          }
        ],
        "trust": 1.67058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:04:20.729000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02"
          },
          {
            "title": "Fuji Electric V-Server Memory Corruption Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/100865"
          },
          {
            "title": "Fuji Electric V-Server Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99873"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/99544"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9639"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9639"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-03"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "BID",
            "id": "99544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "date": "2017-07-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "BID",
            "id": "99544"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "date": "2017-07-17T19:29:00.340000",
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-485"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "BID",
            "id": "99544"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-9639"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Memory corruption vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005845"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-864"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201906-0327

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0327",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "fuji electric",
            "version": "6.0.33.0"
          },
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.0.33.0"
          },
          {
            "model": "electric v-server",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.0.33.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.9.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.8.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.7.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.6.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.5.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.4.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.32.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.31.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.30.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.3.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.29.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.28.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.27.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.26.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.25.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.24.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.23.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.22.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.21.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.20.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.2.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.19.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.18.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.17.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.16.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.15.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.14.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.13.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.12.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.11.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.10.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.33.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-3946",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3946",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-3946",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-25688",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3946",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-3946",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3946",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3946",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3946",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-25688",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-559",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3946",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          }
        ],
        "trust": 3.42
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3946",
            "trust": 4.4
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-27",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "108740",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B858CD6C-22D1-49A4-A77A-E989933C9367",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "id": "VAR-201906-0327",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          }
        ],
        "trust": 1.56029412
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:33:54.410000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "V-Server",
            "trust": 1.6,
            "url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
          },
          {
            "title": "Fuji Electric V-Server enters a patch to verify the error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/172789"
          },
          {
            "title": "Fuji Electric V-Server Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93791"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.2,
            "url": "https://www.tenable.com/security/research/tra-2019-27"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/108740"
          },
          {
            "trust": 0.9,
            "url": "http://www.fujielectric.com/"
          },
          {
            "trust": 0.9,
            "url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3946"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3946"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/190.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-02T00:00:00",
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "date": "2019-08-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "date": "2019-06-12T15:29:00.863000",
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "date": "2019-06-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3946"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005490"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          },
          {
            "date": "2024-11-21T04:42:55.280000",
            "db": "NVD",
            "id": "CVE-2019-3946"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Input validation error vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-559"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201906-0328

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0328",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.0.33.0"
          },
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "6.0.33.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.9.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.8.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.7.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.6.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.5.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.4.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.32.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.31.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.30.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.3.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.29.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.28.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.27.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.26.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.25.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.24.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.23.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.22.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.21.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.20.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.2.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.19.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.18.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.17.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.16.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.15.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.14.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.13.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.12.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.11.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.10.0"
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "6.0.33.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-3947",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3947",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3947",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3947",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3947",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-558",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3947",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TENABLE",
            "id": "TRA-2019-27",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "108740",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3947",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "id": "VAR-201906-0328",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.65
      },
      "last_update_date": "2024-11-23T22:33:54.379000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "V-Server",
            "trust": 0.8,
            "url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
          },
          {
            "title": "Fuji Electric V-Server Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93790"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.tenable.com/security/research/tra-2019-27"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/108740"
          },
          {
            "trust": 0.9,
            "url": "http://www.fujielectric.com/"
          },
          {
            "trust": 0.9,
            "url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/522.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "db": "BID",
            "id": "108740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "date": "2019-06-12T15:29:00.910000",
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3947"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "BID",
            "id": "108740"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          },
          {
            "date": "2024-11-21T04:42:55.407000",
            "db": "NVD",
            "id": "CVE-2019-3947"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Vulnerabilities related to certificate and password management",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005462"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-558"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1048

    Vulnerability from variot - Updated: 2024-11-23 22:29

    In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data.

    A buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 3.5,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "kimiya of 9SG",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ],
        "trust": 4.1
      },
      "cve": "CVE-2019-18240",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-18240",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-41427",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-18240",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 3.5,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-18240",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-18240",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2019-18240",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-18240",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-18240",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41427",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-426",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer.  An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. \n\nA buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          }
        ],
        "trust": 5.49
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18240",
            "trust": 6.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-311-02",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971",
            "trust": 1.3
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4210",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8848",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8931",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8844",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8904",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8932",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "C161EB5B-3004-48C3-93E9-62AC80F32CD5",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "id": "VAR-201911-1048",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          }
        ],
        "trust": 1.67058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:50.428000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability (CNVD-2019-41427)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/191105"
          },
          {
            "title": "Fuji Electric V-Server Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103039"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 7.1,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18240"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4210/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18240"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-971/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-968",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18240",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-11-20T00:00:00",
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-968",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-970",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-967",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-969",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-971",
            "ident": null
          },
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "ident": null
          },
          {
            "date": "2019-11-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "ident": null
          },
          {
            "date": "2019-11-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "ident": null
          },
          {
            "date": "2019-11-13T23:15:11.433000",
            "db": "NVD",
            "id": "CVE-2019-18240",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-968",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-970",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-967",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-969",
            "ident": null
          },
          {
            "date": "2019-11-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-971",
            "ident": null
          },
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41427",
            "ident": null
          },
          {
            "date": "2019-11-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012000",
            "ident": null
          },
          {
            "date": "2020-07-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-426",
            "ident": null
          },
          {
            "date": "2024-11-21T04:32:54.107000",
            "db": "NVD",
            "id": "CVE-2019-18240",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-968"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-969"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-971"
          }
        ],
        "trust": 3.5
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-426"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0083

    Vulnerability from variot - Updated: 2024-11-23 22:26

    A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. V-Server Lite 4.0.3.0 and prior versions are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "lite 4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "2.1.36.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "2.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-10637",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10637",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10637",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-10637",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10637",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10637",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-10637",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-575",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nV-Server Lite 4.0.3.0 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10637",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105328",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6376",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "id": "VAR-201809-0083",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.87058824
      },
      "last_update_date": "2024-11-23T22:26:14.101000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
          },
          {
            "title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84842"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105328"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10637"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10637"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023"
          },
          {
            "db": "BID",
            "id": "105328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "date": "2018-12-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "date": "2018-09-13T19:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1023",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105328",
            "ident": null
          },
          {
            "date": "2018-12-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010848",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-575",
            "ident": null
          },
          {
            "date": "2024-11-21T03:41:42.753000",
            "db": "NVD",
            "id": "CVE-2018-10637",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Lite Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010848"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-575"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0157

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0157",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ghirmay Desta",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-14823",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14823",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14823",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-19612",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125021",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14823",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14823",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14823",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14823",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-14823",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-19612",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-582",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125021",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14823",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5889",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD1B23-39AB-11E9-8157-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "id": "VAR-201809-0157",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:24.141000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/140889"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84850"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14823"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14823"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-21T00:00:00",
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "date": "2018-09-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "date": "2018-09-26T20:29:00.980000",
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1012"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19612"
          },
          {
            "date": "2020-08-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125021"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          },
          {
            "date": "2024-11-21T03:49:52.330000",
            "db": "NVD",
            "id": "CVE-2018-14823"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010431"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-582"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0153

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. An integer underflow vulnerability 6. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-14815",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14815",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14815",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20785",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125012",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14815",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14815",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14815",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14815",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20785",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-579",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125012",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. An integer underflow vulnerability\n6. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14815",
            "trust": 5.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5881",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5882",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD6941-39AB-11E9-AEED-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "id": "VAR-201809-0153",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:24.091000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric V-Server patch for out-of-bounds write vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142221"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84846"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14815"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14815"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1015"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-125012",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14815",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "ident": null
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125012",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "ident": null
          },
          {
            "date": "2018-09-26T20:29:00.620000",
            "db": "NVD",
            "id": "CVE-2018-14815",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1015",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1016",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20785",
            "ident": null
          },
          {
            "date": "2018-11-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125012",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010416",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-579",
            "ident": null
          },
          {
            "date": "2024-11-21T03:49:51.263000",
            "db": "NVD",
            "id": "CVE-2018-14815",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Vulnerable to out-of-bounds writing",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010416"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-579"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0150

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0150",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-14809",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14809",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14809",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-19868",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d85b770-463f-11e9-a599-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125005",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14809",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14809",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14809",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14809",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-19868",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-576",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d85b770-463f-11e9-a599-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125005",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          }
        ],
        "trust": 3.69
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14809",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5885",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5877",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D85B770-463F-11E9-A599-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "id": "VAR-201809-0150",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:24.046000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/141099"
          },
          {
            "title": "Fuji Electric V-Server VPR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84843"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14809"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14809"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-27T00:00:00",
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "date": "2018-09-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "date": "2018-09-26T20:29:00.293000",
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1019"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1010"
          },
          {
            "date": "2019-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125005"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010413"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          },
          {
            "date": "2024-11-21T03:49:50.547000",
            "db": "NVD",
            "id": "CVE-2018-14809"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19868"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b770-463f-11e9-a599-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-576"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0152

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0152",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-14813",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14813",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14813",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20754",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125010",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14813",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14813",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14813",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14813",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14813",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20754",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-578",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125010",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14813",
            "trust": 5.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5883",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5879",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD1B22-39AB-11E9-970B-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "id": "VAR-201809-0152",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.999000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142229"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84845"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14813"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14813"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "date": "2018-09-26T20:29:00.510000",
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1017"
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1013"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          },
          {
            "date": "2020-08-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125010"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010415"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          },
          {
            "date": "2024-11-21T03:49:50.993000",
            "db": "NVD",
            "id": "CVE-2018-14813"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20754"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-578"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0151

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 3.5,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2018-14811",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14811",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 3.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14811",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-03306",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d85de80-463f-11e9-8522-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125008",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14811",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-14811",
                "trust": 3.5,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14811",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14811",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-03306",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-577",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d85de80-463f-11e9-8522-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125008",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer.  An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14811",
            "trust": 7.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5880",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5878",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5886",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5888",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5887",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D85DE80-463F-11E9-8522-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "id": "VAR-201809-0151",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.937000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric V-Server releases patches for reusing vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/152185"
          },
          {
            "title": "Fuji Electric V-Server VPR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84844"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-822",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 6.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14811"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14811"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1014"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-125008",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14811",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-01-30T00:00:00",
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "ident": null
          },
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "ident": null
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125008",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "ident": null
          },
          {
            "date": "2018-09-26T20:29:00.403000",
            "db": "NVD",
            "id": "CVE-2018-14811",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1014",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1011",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1020",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1022",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1021",
            "ident": null
          },
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-03306",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125008",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010414",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-577",
            "ident": null
          },
          {
            "date": "2024-11-21T03:49:50.773000",
            "db": "NVD",
            "id": "CVE-2018-14811",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server VPR File Parsing CArchive Read Untrusted Pointer Dereference Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1020"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1021"
          }
        ],
        "trust": 2.1
      },
      "type": {
        "_id": null,
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "7d85de80-463f-11e9-8522-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-577"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0154

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0154",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:fujielectric:v-server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steven Seeley (mr_me) of Source Incite and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
        "sources": [
          {
            "db": "BID",
            "id": "105341"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-14817",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14817",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20784",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125014",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14817",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14817",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14817",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20784",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-580",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125014",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14817",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2FD6940-39AB-11E9-8108-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "id": "VAR-201809-0154",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.896000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Patch for Fuji Electric V-Server Integer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142217"
          },
          {
            "title": "Fuji Electric V-Server VPR Fixes for digital error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84847"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-191",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14817"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14817"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "date": "2018-09-26T20:29:00.747000",
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125014"
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010417"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          },
          {
            "date": "2024-11-21T03:49:51.510000",
            "db": "NVD",
            "id": "CVE-2018-14817"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric V-Server Integer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20784"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-580"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0155

    Vulnerability from variot - Updated: 2024-11-23 21:38

    Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fuji electric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric v-server vpr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.3.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fujielectric",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.3.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.1.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.0.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "3.3.22.0"
          },
          {
            "_id": null,
            "model": "electric v-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fuji",
            "version": "4.0.4.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "v server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Steven Seeley (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-14819",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14819",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-14819",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20780",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-125016",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14819",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14819",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14819",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-14819",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20780",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-581",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125016",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14819",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105341",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5884",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD422F-39AB-11E9-AF52-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "id": "VAR-201809-0155",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          }
        ],
        "trust": 1.77058824
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:38:23.853000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
          },
          {
            "title": "Fuji Electric V-Server cross-border read vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142203"
          },
          {
            "title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84848"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/105341"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14819"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14819"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujielectric.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1018"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016"
          },
          {
            "db": "BID",
            "id": "105341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-125016",
            "ident": null
          },
          {
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14819",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-10-12T00:00:00",
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
            "ident": null
          },
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "ident": null
          },
          {
            "date": "2018-09-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125016",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "ident": null
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "ident": null
          },
          {
            "date": "2018-09-26T20:29:00.870000",
            "db": "NVD",
            "id": "CVE-2018-14819",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1018",
            "ident": null
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20780",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125016",
            "ident": null
          },
          {
            "date": "2018-09-11T00:00:00",
            "db": "BID",
            "id": "105341",
            "ident": null
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010430",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-581",
            "ident": null
          },
          {
            "date": "2024-11-21T03:49:51.803000",
            "db": "NVD",
            "id": "CVE-2018-14819",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Fuji Electric V-Server Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010430"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-581"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202101-1105

    Vulnerability from variot - Updated: 2024-11-23 21:26

    A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-22641",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22641",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17707",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22641",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22641",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22641",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22641",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22641",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-22641",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17707",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2393",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22641",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files.  The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer.  An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22641",
            "trust": 3.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-099",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11669",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "id": "VAR-202101-1105",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:26:42.245000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17707)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252926"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 2.5,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-099/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22641"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-099",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22641",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-099",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "ident": null
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "ident": null
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "ident": null
          },
          {
            "date": "2021-01-27T20:15:13.207000",
            "db": "NVD",
            "id": "CVE-2021-22641",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-06-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-099",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17707",
            "ident": null
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22641",
            "ident": null
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002821",
            "ident": null
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2393",
            "ident": null
          },
          {
            "date": "2024-11-21T05:50:22.220000",
            "db": "NVD",
            "id": "CVE-2021-22641",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002821"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2393"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0898

    Vulnerability from variot - Updated: 2024-11-23 20:48

    Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment.

    Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds read vulnerability. Attackers can use this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0898",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "cve": "CVE-2021-22655",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22655",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17710",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22655",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22655",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22655",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22655",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17710",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2403",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22655",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment. \n\r\n\r\nFuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds read vulnerability. Attackers can use this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22655"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22655",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2403",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22655",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "id": "VAR-202101-0898",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:48:55.682000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite out-of-bounds read vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252816"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22655"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22655"
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          },
          {
            "date": "2021-01-27T20:15:13.397000",
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17710"
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22655"
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          },
          {
            "date": "2024-11-21T05:50:24.890000",
            "db": "NVD",
            "id": "CVE-2021-22655"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds read vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002823"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2403"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1104

    Vulnerability from variot - Updated: 2024-11-23 20:26

    An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-22639",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22639",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17708",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22639",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22639",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22639",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22639",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22639",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-22639",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17708",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2398",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22639",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22639",
            "trust": 3.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-098",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11668",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "id": "VAR-202101-1104",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:26:42.576000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17708)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252906"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-824",
            "trust": 1.0
          },
          {
            "problemtype": "Accessing uninitialized pointers (CWE-824) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 2.5,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-098/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22639"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/824.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195684"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-098",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22639",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-098",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "ident": null
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "ident": null
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "ident": null
          },
          {
            "date": "2021-01-27T20:15:12.847000",
            "db": "NVD",
            "id": "CVE-2021-22639",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-06-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-098",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17708",
            "ident": null
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22639",
            "ident": null
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002820",
            "ident": null
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2398",
            "ident": null
          },
          {
            "date": "2024-11-21T05:50:21.947000",
            "db": "NVD",
            "id": "CVE-2021-22639",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Vulnerability in accessing uninitialized pointers in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002820"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2398"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0897

    Vulnerability from variot - Updated: 2024-11-23 19:59

    Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment.

    Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds write vulnerability, which can be exploited by attackers to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0897",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "cve": "CVE-2021-22653",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22653",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17709",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22653",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22653",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22653",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22653",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17709",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2401",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22653",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22653"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment. \n\r\n\r\nFuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds write vulnerability, which can be exploited by attackers to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22653"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22653"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22653",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2401",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22653",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22653"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "id": "VAR-202101-0897",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:59:32.536000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite out-of-bounds write vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252821"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22653"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22653"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22653"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22653"
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          },
          {
            "date": "2021-01-27T20:15:13.317000",
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17709"
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22653"
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          },
          {
            "date": "2024-11-21T05:50:24.550000",
            "db": "NVD",
            "id": "CVE-2021-22653"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002822"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2401"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1103

    Vulnerability from variot - Updated: 2024-11-23 19:25

    Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "v-server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "lite 4.0.10.0"
          },
          {
            "_id": null,
            "model": "v-server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "_id": null,
            "model": "v-server lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          },
          {
            "_id": null,
            "model": "electric v-server lite",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "4.0.10.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-22637",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22637",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-17711",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22637",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22637",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-22637",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22637",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22637",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-22637",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-17711",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2406",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22637",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files.  The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22637",
            "trust": 3.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-097",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-026-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU93293369",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11170",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "id": "VAR-202101-1103",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          }
        ],
        "trust": 1.53529412
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:25:31.113000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.fujielectric.com/index.html"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/252811"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "trust": 2.5,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-097/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22637"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93293369/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-097",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22637",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-097",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "ident": null
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "ident": null
          },
          {
            "date": "2021-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "ident": null
          },
          {
            "date": "2021-01-27T20:15:12.770000",
            "db": "NVD",
            "id": "CVE-2021-22637",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-097",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-17711",
            "ident": null
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22637",
            "ident": null
          },
          {
            "date": "2021-10-05T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002819",
            "ident": null
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2406",
            "ident": null
          },
          {
            "date": "2024-11-21T05:50:21.713000",
            "db": "NVD",
            "id": "CVE-2021-22637",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002819"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2406"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-47586 (GCVE-0-2023-47586)

    Vulnerability from nvd – Published: 2023-11-15 06:03 – Updated: 2024-08-29 17:50
    VLAI
    Summary
    Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Lite Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    fujielectric v-server_lite Affected: 0 , < V4.0.18.0 (custom)
        cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:37.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93840158/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "v-server_lite",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "V4.0.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T17:48:25.083109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T17:50:00.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            },
            {
              "product": "V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap-based buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T06:03:46.888Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93840158/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47586",
        "datePublished": "2023-11-15T06:03:46.888Z",
        "dateReserved": "2023-11-07T02:41:20.173Z",
        "dateUpdated": "2024-08-29T17:50:00.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47585 (GCVE-0-2023-47585)

    Vulnerability from nvd – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:13
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds read
    Assigner
    Impacted products
    Vendor Product Version
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Lite Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    fujielectric v-server_lite Affected: 0 , < V4.0.18.0 (custom)
        cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:37.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93840158/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "v-server_lite",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "V4.0.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T15:11:07.366451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T15:13:49.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            },
            {
              "product": "V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T06:03:31.138Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93840158/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47585",
        "datePublished": "2023-11-15T06:03:31.138Z",
        "dateReserved": "2023-11-07T02:41:20.173Z",
        "dateUpdated": "2024-08-29T15:13:49.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47584 (GCVE-0-2023-47584)

    Vulnerability from nvd – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:15
    VLAI
    Summary
    Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds write
    Assigner
    Impacted products
    Vendor Product Version
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Lite Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    fujielectric v-server_lite Affected: 0 , < V4.0.18.0 (custom)
        cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:37.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93840158/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "v-server_lite",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "V4.0.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T15:14:50.816482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T15:15:45.277Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            },
            {
              "product": "V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.\r\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T06:03:19.425Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93840158/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47584",
        "datePublished": "2023-11-15T06:03:19.425Z",
        "dateReserved": "2023-11-07T02:41:20.173Z",
        "dateUpdated": "2024-08-29T15:15:45.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31239 (GCVE-0-2023-31239)

    Vulnerability from nvd – Published: 2023-06-19 00:00 – Updated: 2024-12-23 21:34
    VLAI
    Summary
    Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Stack-based Buffer Overflow
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.695Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98818508/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-23T21:34:08.650253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-23T21:34:13.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server and V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.0.15.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-19T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98818508/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-31239",
        "datePublished": "2023-06-19T00:00:00.000Z",
        "dateReserved": "2023-05-11T00:00:00.000Z",
        "dateUpdated": "2024-12-23T21:34:13.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47908 (GCVE-0-2022-47908)

    Vulnerability from nvd – Published: 2023-01-03 00:00 – Updated: 2025-04-10 15:48
    VLAI
    Summary
    Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Stack-based Buffer Overflow
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:02:36.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92811888/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47908",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T15:48:05.005053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T15:48:28.275Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.0.12.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-03T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92811888/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-47908",
        "datePublished": "2023-01-03T00:00:00.000Z",
        "dateReserved": "2022-12-26T00:00:00.000Z",
        "dateUpdated": "2025-04-10T15:48:28.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47586 (GCVE-0-2023-47586)

    Vulnerability from cvelistv5 – Published: 2023-11-15 06:03 – Updated: 2024-08-29 17:50
    VLAI
    Summary
    Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Lite Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    fujielectric v-server_lite Affected: 0 , < V4.0.18.0 (custom)
        cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:37.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93840158/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "v-server_lite",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "V4.0.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T17:48:25.083109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T17:50:00.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            },
            {
              "product": "V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap-based buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T06:03:46.888Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93840158/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47586",
        "datePublished": "2023-11-15T06:03:46.888Z",
        "dateReserved": "2023-11-07T02:41:20.173Z",
        "dateUpdated": "2024-08-29T17:50:00.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47585 (GCVE-0-2023-47585)

    Vulnerability from cvelistv5 – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:13
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds read
    Assigner
    Impacted products
    Vendor Product Version
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Lite Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    fujielectric v-server_lite Affected: 0 , < V4.0.18.0 (custom)
        cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:37.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93840158/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "v-server_lite",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "V4.0.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T15:11:07.366451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T15:13:49.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            },
            {
              "product": "V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T06:03:31.138Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93840158/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47585",
        "datePublished": "2023-11-15T06:03:31.138Z",
        "dateReserved": "2023-11-07T02:41:20.173Z",
        "dateUpdated": "2024-08-29T15:13:49.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47584 (GCVE-0-2023-47584)

    Vulnerability from cvelistv5 – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:15
    VLAI
    Summary
    Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds write
    Assigner
    Impacted products
    Vendor Product Version
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. V-Server Lite Affected: V4.0.18.0 and earlier
    Create a notification for this product.
    fujielectric v-server_lite Affected: 0 , < V4.0.18.0 (custom)
        cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:37.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93840158/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "v-server_lite",
                "vendor": "fujielectric",
                "versions": [
                  {
                    "lessThan": "V4.0.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T15:14:50.816482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T15:15:45.277Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            },
            {
              "product": "V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.0.18.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.\r\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T06:03:19.425Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93840158/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47584",
        "datePublished": "2023-11-15T06:03:19.425Z",
        "dateReserved": "2023-11-07T02:41:20.173Z",
        "dateUpdated": "2024-08-29T15:15:45.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31239 (GCVE-0-2023-31239)

    Vulnerability from cvelistv5 – Published: 2023-06-19 00:00 – Updated: 2024-12-23 21:34
    VLAI
    Summary
    Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Stack-based Buffer Overflow
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.695Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98818508/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-23T21:34:08.650253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-23T21:34:13.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V-Server and V-Server Lite",
              "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.0.15.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-19T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98818508/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-31239",
        "datePublished": "2023-06-19T00:00:00.000Z",
        "dateReserved": "2023-05-11T00:00:00.000Z",
        "dateUpdated": "2024-12-23T21:34:13.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }