Search criteria
81 vulnerabilities found for v-server by fujielectric
VAR-202301-0098
Vulnerability from variot - Updated: 2025-08-17 23:31Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-0098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.12.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "v4.0.12.0 and earlier"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.12.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"cve": "CVE-2022-47317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-18183",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-47317",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002838",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-47317",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-47317",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002838",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-18183",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-102",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-102"
},
{
"db": "NVD",
"id": "CVE-2022-47317"
},
{
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-47317"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"db": "VULMON",
"id": "CVE-2022-47317"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92811888",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2022-47317",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2025-18183",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-102",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-47317",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"db": "VULMON",
"id": "CVE-2022-47317"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-102"
},
{
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"id": "VAR-202301-0098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
}
],
"trust": 1.47058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
}
]
},
"last_update_date": "2025-08-17T23:31:57.855000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Improvement information \u00a022C0S04",
"trust": 0.8,
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"title": "Patch for Fuji Electric V-Server Out-of-Bounds Write Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/717856"
},
{
"title": "Fuji Electric V-Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220828"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-47317 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"db": "VULMON",
"id": "CVE-2022-47317"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://jvn.jp/en/vu/jvnvu92811888/index.html"
},
{
"trust": 2.3,
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-47317/"
},
{
"trust": 1.2,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002838.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92811888/index.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-47317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"db": "VULMON",
"id": "CVE-2022-47317"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-102"
},
{
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"db": "VULMON",
"id": "CVE-2022-47317"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-102"
},
{
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"date": "2023-01-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-47317"
},
{
"date": "2023-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-102"
},
{
"date": "2023-01-03T03:15:10.857000",
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18183"
},
{
"date": "2023-01-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-47317"
},
{
"date": "2023-01-04T03:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"date": "2023-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-102"
},
{
"date": "2025-04-10T15:15:57.253000",
"db": "NVD",
"id": "CVE-2022-47317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Fuji Electric \u00a0V-Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-102"
}
],
"trust": 0.6
}
}
VAR-202301-0096
Vulnerability from variot - Updated: 2025-08-17 23:31Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data.
Fuji Electric V-Server contains a buffer overflow vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.12.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "v4.0.12.0 and earlier"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.12.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"cve": "CVE-2022-47908",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-18182",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-47908",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002838",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-47908",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-47908",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002838",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-18182",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-101",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-101"
},
{
"db": "NVD",
"id": "CVE-2022-47908"
},
{
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data. \n\nFuji Electric V-Server contains a buffer overflow vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-47908"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"db": "VULMON",
"id": "CVE-2022-47908"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-47908",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU92811888",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2025-18182",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-101",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-47908",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"db": "VULMON",
"id": "CVE-2022-47908"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-101"
},
{
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"id": "VAR-202301-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
}
],
"trust": 1.47058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
}
]
},
"last_update_date": "2025-08-17T23:31:57.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Improvement information \u00a022C0S04",
"trust": 0.8,
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/717836"
},
{
"title": "Fuji Electric V-Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220827"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-47908 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"db": "VULMON",
"id": "CVE-2022-47908"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://jvn.jp/en/vu/jvnvu92811888/index.html"
},
{
"trust": 2.3,
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-47908/"
},
{
"trust": 1.2,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002838.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92811888/index.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-47908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"db": "VULMON",
"id": "CVE-2022-47908"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-101"
},
{
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"db": "VULMON",
"id": "CVE-2022-47908"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-101"
},
{
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"date": "2023-01-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-47908"
},
{
"date": "2023-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-101"
},
{
"date": "2023-01-03T03:15:10.990000",
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18182"
},
{
"date": "2023-01-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-47908"
},
{
"date": "2023-01-04T03:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"date": "2023-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-101"
},
{
"date": "2025-04-10T16:15:26.813000",
"db": "NVD",
"id": "CVE-2022-47908"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Fuji Electric \u00a0V-Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-101"
}
],
"trust": 0.6
}
}
VAR-202301-0097
Vulnerability from variot - Updated: 2025-08-17 23:31Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data.
An out-of-bounds read vulnerability exists in Fuji Electric V-Server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.12.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "v4.0.12.0 and earlier"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.12.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"cve": "CVE-2022-41645",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-18184",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-41645",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002838",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-41645",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-41645",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002838",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-18184",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-111",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-111"
},
{
"db": "NVD",
"id": "CVE-2022-41645"
},
{
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. Provided by Fuji Electric Co., Ltd. V-Server contains multiple vulnerabilities: * Stack-based buffer overflow (( CWE-121 ) - CVE-2022-47908 It was * Out-of-bounds read (( CWE-125 ) - CVE-2022-41645 It was * Out-of-bounds writing (( CWE-787 ) - CVE-2022-47317 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric V-Server is software for collecting and managing real-time field data. \n\nAn out-of-bounds read vulnerability exists in Fuji Electric V-Server",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"db": "VULMON",
"id": "CVE-2022-41645"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41645",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU92811888",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2025-18184",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-111",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41645",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"db": "VULMON",
"id": "CVE-2022-41645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-111"
},
{
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"id": "VAR-202301-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
}
],
"trust": 1.47058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
}
]
},
"last_update_date": "2025-08-17T23:31:57.792000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Improvement information \u00a022C0S04",
"trust": 0.8,
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"title": "Patch for Fuji Electric V-Server Out-of-Bounds Read Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/717871"
},
{
"title": "Fuji Electric V-Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220834"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-41645 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"db": "VULMON",
"id": "CVE-2022-41645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-111"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu92811888/index.html"
},
{
"trust": 1.7,
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92811888/index.html"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-41645"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41645/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002838.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-41645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"db": "VULMON",
"id": "CVE-2022-41645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-111"
},
{
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"db": "VULMON",
"id": "CVE-2022-41645"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-111"
},
{
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"date": "2023-01-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41645"
},
{
"date": "2023-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-111"
},
{
"date": "2023-01-03T03:15:10.047000",
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18184"
},
{
"date": "2023-01-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41645"
},
{
"date": "2023-01-04T03:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-002838"
},
{
"date": "2023-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-111"
},
{
"date": "2025-04-10T17:15:34.790000",
"db": "NVD",
"id": "CVE-2022-41645"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-111"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Fuji Electric \u00a0V-Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002838"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-111"
}
],
"trust": 0.6
}
}
VAR-202311-0454
Vulnerability from variot - Updated: 2025-07-28 23:11Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed. Fuji Electric's V-Server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric V-Server and Fuji Electric V-Server Lite are both products of Fuji Electric Corporation of Japan. Fuji Electric V-Server is a set of software for collecting and managing real-time field data. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information from devices such as PLCs, temperature controllers, inverters, etc.
Fuji Electric V-Server/V-Server Lite has a buffer overflow vulnerability, which is caused by a boundary error when the application processes untrusted input
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-0454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.18.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "4.0.18.0 and earlier"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.18.0"
},
{
"model": "electric v-server lite",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.18.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"cve": "CVE-2023-47586",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-16676",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-47586",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-47586",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-47586",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-47586",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-16676",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed. Fuji Electric\u0027s V-Server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric V-Server and Fuji Electric V-Server Lite are both products of Fuji Electric Corporation of Japan. Fuji Electric V-Server is a set of software for collecting and managing real-time field data. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information from devices such as PLCs, temperature controllers, inverters, etc. \n\nFuji Electric V-Server/V-Server Lite has a buffer overflow vulnerability, which is caused by a boundary error when the application processes untrusted input",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-47586"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"db": "CNVD",
"id": "CNVD-2025-16676"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-47586",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU93840158",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-017368",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-16676",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"id": "VAR-202311-0454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
}
],
"trust": 1.47058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
}
]
},
"last_update_date": "2025-07-28T23:11:21.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Fuji Electric V-Server/V-Server Lite Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/711321"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://jvn.jp/en/vu/jvnvu93840158/"
},
{
"trust": 1.8,
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"trust": 1.8,
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-47586"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-16676"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16676"
},
{
"date": "2024-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"date": "2023-11-15T06:15:28.303000",
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16676"
},
{
"date": "2024-01-09T01:23:00",
"db": "JVNDB",
"id": "JVNDB-2023-017368"
},
{
"date": "2023-11-21T21:49:07.800000",
"db": "NVD",
"id": "CVE-2023-47586"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0V-Server\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-017368"
}
],
"trust": 0.8
}
}
VAR-201707-1005
Vulnerability from variot - Updated: 2025-04-20 23:04An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "3.3.22.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "3.3.22.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=3.3.22.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-485"
}
],
"trust": 0.7
},
"cve": "CVE-2017-9639",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22993",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9639",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9639",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9639",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2017-9639",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-22993",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-864",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9639",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-192-02",
"trust": 2.7
},
{
"db": "BID",
"id": "99544",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22993",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4030",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-485",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-192-03",
"trust": 0.6
},
{
"db": "IVD",
"id": "D5865A84-E9FB-47B5-8F83-EDAC0330897F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"id": "VAR-201707-1005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
}
],
"trust": 1.67058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
}
]
},
"last_update_date": "2025-04-20T23:04:20.729000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02"
},
{
"title": "Fuji Electric V-Server Memory Corruption Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100865"
},
{
"title": "Fuji Electric V-Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99873"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/99544"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9639"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9639"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-03"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"date": "2017-07-12T00:00:00",
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99544"
},
{
"date": "2017-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"date": "2017-07-17T19:29:00.340000",
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99544"
},
{
"date": "2017-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Memory corruption vulnerability",
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
}
],
"trust": 0.8
}
}
VAR-201906-0327
Vulnerability from variot - Updated: 2024-11-23 22:33Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lt",
"trust": 1.6,
"vendor": "fuji electric",
"version": "6.0.33.0"
},
{
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.0.33.0"
},
{
"model": "electric v-server",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "6.0.33.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.9.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.8.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.7.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.6.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.5.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.4.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.32.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.31.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.30.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.3.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.29.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.28.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.27.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.26.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.25.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.24.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.23.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.22.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.21.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.20.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.2.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.19.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.18.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.17.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.16.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.15.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.14.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.13.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.12.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.11.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.10.0"
},
{
"model": "electric monitouch v-sft",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.33.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable",
"sources": [
{
"db": "BID",
"id": "108740"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 0.9
},
"cve": "CVE-2019-3946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3946",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3946",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-25688",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3946",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3946",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3946",
"trust": 0.8,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2019-3946",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-25688",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-559",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3946",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3946",
"trust": 4.4
},
{
"db": "TENABLE",
"id": "TRA-2019-27",
"trust": 4.2
},
{
"db": "BID",
"id": "108740",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2019-25688",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462",
"trust": 0.8
},
{
"db": "IVD",
"id": "B858CD6C-22D1-49A4-A77A-E989933C9367",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-3946",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"id": "VAR-201906-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
}
],
"trust": 1.56029412
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
}
]
},
"last_update_date": "2024-11-23T22:33:54.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "V-Server",
"trust": 1.6,
"url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
},
{
"title": "Fuji Electric V-Server enters a patch to verify the error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/172789"
},
{
"title": "Fuji Electric V-Server Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93791"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "https://www.tenable.com/security/research/tra-2019-27"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/108740"
},
{
"trust": 0.9,
"url": "http://www.fujielectric.com/"
},
{
"trust": 0.9,
"url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3946"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"date": "2019-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2019-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"date": "2019-06-12T15:29:00.863000",
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"date": "2019-06-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"date": "2024-11-21T04:42:55.280000",
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Input validation error vulnerability",
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 0.8
}
}
VAR-201906-0328
Vulnerability from variot - Updated: 2024-11-23 22:33Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.0.33.0"
},
{
"model": "v-server",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji electric",
"version": "6.0.33.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.9.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.8.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.7.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.6.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.5.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.4.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.32.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.31.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.30.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.3.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.29.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.28.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.27.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.26.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.25.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.24.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.23.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.22.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.21.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.20.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.2.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.19.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.18.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.17.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.16.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.15.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.14.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.13.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.12.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.11.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.10.0"
},
{
"model": "electric monitouch v-sft",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.33.0"
}
],
"sources": [
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable",
"sources": [
{
"db": "BID",
"id": "108740"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
],
"trust": 0.9
},
"cve": "CVE-2019-3947",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3947",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3947",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3947",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-3947",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-558",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-3947",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3947"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "VULMON",
"id": "CVE-2019-3947"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TENABLE",
"id": "TRA-2019-27",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2019-3947",
"trust": 2.8
},
{
"db": "BID",
"id": "108740",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3947",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"id": "VAR-201906-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65
},
"last_update_date": "2024-11-23T22:33:54.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "V-Server",
"trust": 0.8,
"url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
},
{
"title": "Fuji Electric V-Server Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93790"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.tenable.com/security/research/tra-2019-27"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/108740"
},
{
"trust": 0.9,
"url": "http://www.fujielectric.com/"
},
{
"trust": 0.9,
"url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2019-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"date": "2019-06-12T15:29:00.910000",
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"date": "2024-11-21T04:42:55.407000",
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
],
"trust": 0.6
}
}
VAR-201911-1048
Vulnerability from variot - Updated: 2024-11-23 22:29In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data.
A buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 3.5,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.6"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.6"
},
{
"_id": null,
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.6"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
}
]
},
"credits": {
"_id": null,
"data": "kimiya of 9SG",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
],
"trust": 4.1
},
"cve": "CVE-2019-18240",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18240",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41427",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-18240",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 3.5,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18240",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18240",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-18240",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18240",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-18240",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-41427",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-426",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"description": {
"_id": null,
"data": "In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. \n\nA buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
}
],
"trust": 5.49
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-18240",
"trust": 6.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-311-02",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-19-971",
"trust": 1.3
},
{
"db": "AUSCERT",
"id": "ESB-2019.4210",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2019-41427",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8848",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-968",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8931",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-970",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8844",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-967",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8904",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-969",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8932",
"trust": 0.7
},
{
"db": "IVD",
"id": "C161EB5B-3004-48C3-93E9-62AC80F32CD5",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"id": "VAR-201911-1048",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
}
],
"trust": 1.67058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
}
]
},
"last_update_date": "2024-11-23T22:29:50.428000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability (CNVD-2019-41427)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191105"
},
{
"title": "Fuji Electric V-Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103039"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 7.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18240"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4210/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18240"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-971/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-968",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-970",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-967",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-969",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-971",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-41427",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-18240",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-968",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-970",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-967",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-969",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-971",
"ident": null
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41427",
"ident": null
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"ident": null
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-426",
"ident": null
},
{
"date": "2019-11-13T23:15:11.433000",
"db": "NVD",
"id": "CVE-2019-18240",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-968",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-970",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-967",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-969",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-971",
"ident": null
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41427",
"ident": null
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"ident": null
},
{
"date": "2020-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-426",
"ident": null
},
{
"date": "2024-11-21T04:32:54.107000",
"db": "NVD",
"id": "CVE-2019-18240",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
}
],
"trust": 3.5
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
],
"trust": 0.8
}
}
VAR-201809-0083
Vulnerability from variot - Updated: 2024-11-23 22:26A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. V-Server Lite 4.0.3.0 and prior versions are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "lite 4.0.3.0"
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2.1.36.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2.0.0.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
}
],
"trust": 0.7
},
"cve": "CVE-2018-10637",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10637",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10637",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-10637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10637",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10637",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2018-10637",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-575",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"description": {
"_id": null,
"data": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nV-Server Lite 4.0.3.0 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-10637",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-02",
"trust": 2.7
},
{
"db": "BID",
"id": "105328",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6376",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1023",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"id": "VAR-201809-0083",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.87058824
},
"last_update_date": "2024-11-23T22:26:14.101000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
},
{
"title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84842"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105328"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10637"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10637"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"db": "BID",
"id": "105328",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105328",
"ident": null
},
{
"date": "2018-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"date": "2018-09-13T19:29:00.277000",
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105328",
"ident": null
},
{
"date": "2018-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"date": "2024-11-21T03:41:42.753000",
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Lite Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 0.6
}
}
VAR-201809-0157
Vulnerability from variot - Updated: 2024-11-23 21:38Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ghirmay Desta",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1012"
}
],
"trust": 0.7
},
"cve": "CVE-2018-14823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19612",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125021",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14823",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14823",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14823",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14823",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2018-14823",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-19612",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-582",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125021",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14823"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125021"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14823",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19612",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5889",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1012",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD1B23-39AB-11E9-8157-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125021",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"id": "VAR-201809-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
}
]
},
"last_update_date": "2024-11-23T21:38:24.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/140889"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84850"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14823"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14823"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125021"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"date": "2018-09-26T20:29:00.980000",
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"date": "2020-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-125021"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"date": "2024-11-21T03:49:52.330000",
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
}
],
"trust": 0.8
}
}
VAR-201809-0153
Vulnerability from variot - Updated: 2024-11-23 21:38Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. An integer underflow vulnerability 6. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
}
],
"trust": 1.4
},
"cve": "CVE-2018-14815",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14815",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14815",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20785",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125012",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14815",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14815",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14815",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14815",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-20785",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-579",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-125012",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. An integer underflow vulnerability\n6. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14815"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125012"
}
],
"trust": 3.96
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-14815",
"trust": 5.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20785",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5881",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1015",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5882",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1016",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD6941-39AB-11E9-AEED-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125012",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"id": "VAR-201809-0153",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
}
]
},
"last_update_date": "2024-11-23T21:38:24.091000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric V-Server patch for out-of-bounds write vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142221"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84846"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14815"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14815"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1015",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1016",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-20785",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-125012",
"ident": null
},
{
"db": "BID",
"id": "105341",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-14815",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1015",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1016",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20785",
"ident": null
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125012",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-579",
"ident": null
},
{
"date": "2018-09-26T20:29:00.620000",
"db": "NVD",
"id": "CVE-2018-14815",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1015",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1016",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20785",
"ident": null
},
{
"date": "2018-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-125012",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-579",
"ident": null
},
{
"date": "2024-11-21T03:49:51.263000",
"db": "NVD",
"id": "CVE-2018-14815",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Vulnerable to out-of-bounds writing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
}
],
"trust": 0.8
}
}
VAR-201809-0150
Vulnerability from variot - Updated: 2024-11-23 21:38Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
}
],
"trust": 1.4
},
"cve": "CVE-2018-14809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14809",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14809",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19868",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d85b770-463f-11e9-a599-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125005",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14809",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14809",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14809",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14809",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-19868",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-576",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125005",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14809"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125005"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14809",
"trust": 4.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19868",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5885",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1019",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5877",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1010",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D85B770-463F-11E9-A599-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125005",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"id": "VAR-201809-0150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
}
]
},
"last_update_date": "2024-11-23T21:38:24.046000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/141099"
},
{
"title": "Fuji Electric V-Server VPR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84843"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14809"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14809"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-27T00:00:00",
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125005"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"date": "2018-09-26T20:29:00.293000",
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125005"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"date": "2024-11-21T03:49:50.547000",
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
}
],
"trust": 0.8
}
}
VAR-201809-0152
Vulnerability from variot - Updated: 2024-11-23 21:38Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
}
],
"trust": 1.4
},
"cve": "CVE-2018-14813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14813",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14813",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125010",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14813",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14813",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14813",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14813",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14813",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-20754",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-578",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125010",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14813"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125010"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14813",
"trust": 5.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20754",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5883",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1017",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5879",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1013",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD1B22-39AB-11E9-970B-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125010",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"id": "VAR-201809-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
}
]
},
"last_update_date": "2024-11-23T21:38:23.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142229"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84845"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14813"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14813"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125010"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"date": "2018-09-26T20:29:00.510000",
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"date": "2020-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-125010"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"date": "2024-11-21T03:49:50.993000",
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
}
],
"trust": 0.8
}
}
VAR-201809-0151
Vulnerability from variot - Updated: 2024-11-23 21:38Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 3.5,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
}
],
"trust": 3.5
},
"cve": "CVE-2018-14811",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14811",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 3.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14811",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03306",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14811",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14811",
"trust": 3.5,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14811",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14811",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-03306",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-577",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125008",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14811"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125008"
}
],
"trust": 5.85
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-14811",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-03306",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5880",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1014",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5878",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1011",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5886",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1020",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5888",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1022",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5887",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1021",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D85DE80-463F-11E9-8522-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125008",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"id": "VAR-201809-0151",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
}
]
},
"last_update_date": "2024-11-23T21:38:23.937000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric V-Server releases patches for reusing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/152185"
},
{
"title": "Fuji Electric V-Server VPR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84844"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
},
{
"problemtype": "CWE-822",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 6.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14811"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14811"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1014",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1011",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1020",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1022",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1021",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-03306",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-125008",
"ident": null
},
{
"db": "BID",
"id": "105341",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-14811",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1014",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1011",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1020",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1022",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1021",
"ident": null
},
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03306",
"ident": null
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125008",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-577",
"ident": null
},
{
"date": "2018-09-26T20:29:00.403000",
"db": "NVD",
"id": "CVE-2018-14811",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1014",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1011",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1020",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1022",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1021",
"ident": null
},
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03306",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125008",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-577",
"ident": null
},
{
"date": "2024-11-21T03:49:50.773000",
"db": "NVD",
"id": "CVE-2018-14811",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server VPR File Parsing CArchive Read Untrusted Pointer Dereference Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
}
],
"trust": 2.1
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
}
],
"trust": 0.8
}
}
VAR-201809-0154
Vulnerability from variot - Updated: 2024-11-23 21:38Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Source Incite and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "105341"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14817",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125014",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14817",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14817",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14817",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-20784",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-580",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125014",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14817"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125014"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14817",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20784",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FD6940-39AB-11E9-8108-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125014",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"id": "VAR-201809-0154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
}
]
},
"last_update_date": "2024-11-23T21:38:23.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Patch for Fuji Electric V-Server Integer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142217"
},
{
"title": "Fuji Electric V-Server VPR Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84847"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-191",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14817"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14817"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125014"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"date": "2018-09-26T20:29:00.747000",
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125014"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"date": "2024-11-21T03:49:51.510000",
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Integer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
}
],
"trust": 0.6
}
}
VAR-201809-0155
Vulnerability from variot - Updated: 2024-11-23 21:38Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1018"
}
],
"trust": 0.7
},
"cve": "CVE-2018-14819",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14819",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14819",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20780",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14819",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14819",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14819",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2018-14819",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20780",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-581",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14819"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125016"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-14819",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5884",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1018",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD422F-39AB-11E9-AF52-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125016",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"id": "VAR-201809-0155",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
}
]
},
"last_update_date": "2024-11-23T21:38:23.853000Z",
"patch": {
"_id": null,
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "Fuji Electric V-Server cross-border read vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142203"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84848"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14819"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14819"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1018",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-20780",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-125016",
"ident": null
},
{
"db": "BID",
"id": "105341",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-14819",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1018",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20780",
"ident": null
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125016",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-581",
"ident": null
},
{
"date": "2018-09-26T20:29:00.870000",
"db": "NVD",
"id": "CVE-2018-14819",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1018",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20780",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125016",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-581",
"ident": null
},
{
"date": "2024-11-21T03:49:51.803000",
"db": "NVD",
"id": "CVE-2018-14819",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
}
],
"trust": 0.8
}
}
VAR-202101-1105
Vulnerability from variot - Updated: 2024-11-23 21:26A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"credits": {
"_id": null,
"data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22641",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22641",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17707",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22641",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22641",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22641",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22641",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22641",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-22641",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-17707",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22641",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"description": {
"_id": null,
"data": "A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22641",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-099",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11669",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-17707",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22641",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"id": "VAR-202101-1105",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17707"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17707"
}
]
},
"last_update_date": "2024-11-23T21:26:42.245000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17707)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252926"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-099/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22641"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-099"
},
{
"db": "CNVD",
"id": "CNVD-2021-17707"
},
{
"db": "VULMON",
"id": "CVE-2021-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
},
{
"db": "NVD",
"id": "CVE-2021-22641"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-099",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-17707",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-22641",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22641",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-099",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17707",
"ident": null
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22641",
"ident": null
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"ident": null
},
{
"date": "2021-01-27T20:15:13.207000",
"db": "NVD",
"id": "CVE-2021-22641",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-099",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17707",
"ident": null
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22641",
"ident": null
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002821",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2393",
"ident": null
},
{
"date": "2024-11-21T05:50:22.220000",
"db": "NVD",
"id": "CVE-2021-22641",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002821"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2393"
}
],
"trust": 0.6
}
}
VAR-202101-0898
Vulnerability from variot - Updated: 2024-11-23 20:48Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment.
Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds read vulnerability. Attackers can use this vulnerability to execute arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0898",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"cve": "CVE-2021-22655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22655",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17710",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22655",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22655",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22655",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22655",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-17710",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2403",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22655",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"db": "VULMON",
"id": "CVE-2021-22655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2403"
},
{
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment. \n\r\n\r\nFuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds read vulnerability. Attackers can use this vulnerability to execute arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"db": "VULMON",
"id": "CVE-2021-22655"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22655",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-17710",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2403",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22655",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"db": "VULMON",
"id": "CVE-2021-22655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2403"
},
{
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"id": "VAR-202101-0898",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
}
]
},
"last_update_date": "2024-11-23T20:48:55.682000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite out-of-bounds read vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252816"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22655"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"db": "VULMON",
"id": "CVE-2021-22655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2403"
},
{
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"db": "VULMON",
"id": "CVE-2021-22655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2403"
},
{
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22655"
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2403"
},
{
"date": "2021-01-27T20:15:13.397000",
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17710"
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22655"
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002823"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2403"
},
{
"date": "2024-11-21T05:50:24.890000",
"db": "NVD",
"id": "CVE-2021-22655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2403"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2403"
}
],
"trust": 0.6
}
}
VAR-202101-1104
Vulnerability from variot - Updated: 2024-11-23 20:26An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"credits": {
"_id": null,
"data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22639",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17708",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22639",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22639",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22639",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22639",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22639",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-22639",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-17708",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2398",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22639",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"description": {
"_id": null,
"data": "An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22639",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-098",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11668",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-17708",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22639",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"id": "VAR-202101-1104",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17708"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17708"
}
]
},
"last_update_date": "2024-11-23T20:26:42.576000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerability (CNVD-2021-17708)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252906"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-098/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22639"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/824.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195684"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-098"
},
{
"db": "CNVD",
"id": "CNVD-2021-17708"
},
{
"db": "VULMON",
"id": "CVE-2021-22639"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
},
{
"db": "NVD",
"id": "CVE-2021-22639"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-098",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-17708",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-22639",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22639",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-098",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17708",
"ident": null
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22639",
"ident": null
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"ident": null
},
{
"date": "2021-01-27T20:15:12.847000",
"db": "NVD",
"id": "CVE-2021-22639",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-098",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17708",
"ident": null
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22639",
"ident": null
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002820",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2398",
"ident": null
},
{
"date": "2024-11-21T05:50:21.947000",
"db": "NVD",
"id": "CVE-2021-22639",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002820"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2398"
}
],
"trust": 0.6
}
}
VAR-202101-0897
Vulnerability from variot - Updated: 2024-11-23 19:59Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment.
Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds write vulnerability, which can be exploited by attackers to execute arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0897",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"cve": "CVE-2021-22653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22653",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17709",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22653",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22653",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22653",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22653",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-17709",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2401",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22653",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"db": "VULMON",
"id": "CVE-2021-22653"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2401"
},
{
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments. The software can collect information about PLCs, temperature controllers, inverters and other equipment. \n\r\n\r\nFuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite have an out-of-bounds write vulnerability, which can be exploited by attackers to execute arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22653"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"db": "VULMON",
"id": "CVE-2021-22653"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2021-22653",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-17709",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2401",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22653",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"db": "VULMON",
"id": "CVE-2021-22653"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2401"
},
{
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"id": "VAR-202101-0897",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
}
]
},
"last_update_date": "2024-11-23T19:59:32.536000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite out-of-bounds write vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252821"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22653"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"db": "VULMON",
"id": "CVE-2021-22653"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2401"
},
{
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"db": "VULMON",
"id": "CVE-2021-22653"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2401"
},
{
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22653"
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2401"
},
{
"date": "2021-01-27T20:15:13.317000",
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17709"
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22653"
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002822"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2401"
},
{
"date": "2024-11-21T05:50:24.550000",
"db": "NVD",
"id": "CVE-2021-22653"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2401"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002822"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2401"
}
],
"trust": 0.6
}
}
VAR-202101-1103
Vulnerability from variot - Updated: 2024-11-23 19:25Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "v-simulator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "lite 4.0.10.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric tellus lite v-simulator",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "4.0.10.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22637",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22637",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-17711",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22637",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22637",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22637",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-22637",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-17711",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2406",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22637",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"description": {
"_id": null,
"data": "Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22637",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-097",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-026-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU93293369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11170",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-17711",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22637",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"id": "VAR-202101-1103",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17711"
}
],
"trust": 1.53529412
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-17711"
}
]
},
"last_update_date": "2024-11-23T19:25:31.113000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/252811"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-097/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22637"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93293369/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0297/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-097"
},
{
"db": "CNVD",
"id": "CNVD-2021-17711"
},
{
"db": "VULMON",
"id": "CVE-2021-22637"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
},
{
"db": "NVD",
"id": "CVE-2021-22637"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-097",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-17711",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-22637",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22637",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-097",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17711",
"ident": null
},
{
"date": "2021-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22637",
"ident": null
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"ident": null
},
{
"date": "2021-01-27T20:15:12.770000",
"db": "NVD",
"id": "CVE-2021-22637",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "ZDI",
"id": "ZDI-21-097",
"ident": null
},
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-17711",
"ident": null
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22637",
"ident": null
},
{
"date": "2021-10-05T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-002819",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2406",
"ident": null
},
{
"date": "2024-11-21T05:50:21.713000",
"db": "NVD",
"id": "CVE-2021-22637",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002819"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2406"
}
],
"trust": 0.6
}
}
CVE-2023-47586 (GCVE-0-2023-47586)
Vulnerability from nvd – Published: 2023-11-15 06:03 – Updated: 2024-08-29 17:50
VLAI?
Summary
Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
Severity ?
No CVSS data available.
CWE
- Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server |
Affected:
V4.0.18.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "v-server_lite",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "V4.0.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:48:25.083109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:50:00.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
},
{
"product": "V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:03:46.888Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47586",
"datePublished": "2023-11-15T06:03:46.888Z",
"dateReserved": "2023-11-07T02:41:20.173Z",
"dateUpdated": "2024-08-29T17:50:00.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47585 (GCVE-0-2023-47585)
Vulnerability from nvd – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:13
VLAI?
Summary
Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server |
Affected:
V4.0.18.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "v-server_lite",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "V4.0.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:11:07.366451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:13:49.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
},
{
"product": "V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:03:31.138Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47585",
"datePublished": "2023-11-15T06:03:31.138Z",
"dateReserved": "2023-11-07T02:41:20.173Z",
"dateUpdated": "2024-08-29T15:13:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47584 (GCVE-0-2023-47584)
Vulnerability from nvd – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:15
VLAI?
Summary
Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server |
Affected:
V4.0.18.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "v-server_lite",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "V4.0.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:14:50.816482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:15:45.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
},
{
"product": "V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.\r\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:03:19.425Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47584",
"datePublished": "2023-11-15T06:03:19.425Z",
"dateReserved": "2023-11-07T02:41:20.173Z",
"dateUpdated": "2024-08-29T15:15:45.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31239 (GCVE-0-2023-31239)
Vulnerability from nvd – Published: 2023-06-19 00:00 – Updated: 2024-12-23 21:34
VLAI?
Summary
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
Severity ?
7.8 (High)
CWE
- Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server and V-Server Lite |
Affected:
v4.0.15.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-23T21:34:08.650253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T21:34:13.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server and V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v4.0.15.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-19T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-31239",
"datePublished": "2023-06-19T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2024-12-23T21:34:13.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47908 (GCVE-0-2022-47908)
Vulnerability from nvd – Published: 2023-01-03 00:00 – Updated: 2025-04-10 15:48
VLAI?
Summary
Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.
Severity ?
7.8 (High)
CWE
- Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server |
Affected:
v4.0.12.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92811888/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T15:48:05.005053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T15:48:28.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v4.0.12.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92811888/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-47908",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-12-26T00:00:00.000Z",
"dateUpdated": "2025-04-10T15:48:28.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47586 (GCVE-0-2023-47586)
Vulnerability from cvelistv5 – Published: 2023-11-15 06:03 – Updated: 2024-08-29 17:50
VLAI?
Summary
Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
Severity ?
No CVSS data available.
CWE
- Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server |
Affected:
V4.0.18.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "v-server_lite",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "V4.0.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:48:25.083109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:50:00.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
},
{
"product": "V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:03:46.888Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47586",
"datePublished": "2023-11-15T06:03:46.888Z",
"dateReserved": "2023-11-07T02:41:20.173Z",
"dateUpdated": "2024-08-29T17:50:00.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47585 (GCVE-0-2023-47585)
Vulnerability from cvelistv5 – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:13
VLAI?
Summary
Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server |
Affected:
V4.0.18.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "v-server_lite",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "V4.0.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:11:07.366451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:13:49.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
},
{
"product": "V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:03:31.138Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47585",
"datePublished": "2023-11-15T06:03:31.138Z",
"dateReserved": "2023-11-07T02:41:20.173Z",
"dateUpdated": "2024-08-29T15:13:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47584 (GCVE-0-2023-47584)
Vulnerability from cvelistv5 – Published: 2023-11-15 06:03 – Updated: 2024-08-29 15:15
VLAI?
Summary
Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server |
Affected:
V4.0.18.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:v-server_lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "v-server_lite",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "V4.0.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:14:50.816482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:15:45.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
},
{
"product": "V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V4.0.18.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.\r\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:03:19.425Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47584",
"datePublished": "2023-11-15T06:03:19.425Z",
"dateReserved": "2023-11-07T02:41:20.173Z",
"dateUpdated": "2024-08-29T15:15:45.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31239 (GCVE-0-2023-31239)
Vulnerability from cvelistv5 – Published: 2023-06-19 00:00 – Updated: 2024-12-23 21:34
VLAI?
Summary
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
Severity ?
7.8 (High)
CWE
- Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-Server and V-Server Lite |
Affected:
v4.0.15.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-23T21:34:08.650253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T21:34:13.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "V-Server and V-Server Lite",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v4.0.15.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-19T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-31239",
"datePublished": "2023-06-19T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2024-12-23T21:34:13.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}