Search

Find a vulnerability

Search criteria

    197 vulnerabilities by Fuji Electric

    CVE-2026-8108 (GCVE-0-2026-8108)

    Vulnerability from nvd – Published: 2026-05-12 22:29 – Updated: 2026-05-13 01:39
    VLAI
    Title
    Fuji Electric Tellus Exposed Dangerous Method or Function
    Summary
    The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Affected: 5.0.2
    Create a notification for this product.
    Date Public
    2026-05-12 22:26
    Credits
    Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T01:38:52.768933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T01:39:00.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2026-05-12T22:26:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions."
                }
              ],
              "value": "The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T22:29:53.239Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-01.json"
            }
          ],
          "source": {
            "advisory": "ICSA-26-132-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Exposed Dangerous Method or Function",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric recommends that Tellus be installed only with administrator privileges."
                }
              ],
              "value": "Fuji Electric recommends that Tellus be installed only with administrator privileges."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-8108",
        "datePublished": "2026-05-12T22:29:53.239Z",
        "dateReserved": "2026-05-07T15:18:17.964Z",
        "dateUpdated": "2026-05-13T01:39:00.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53524 (GCVE-0-2025-53524)

    Vulnerability from nvd – Published: 2025-12-17 00:19 – Updated: 2025-12-17 14:41
    VLAI
    Title
    Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write
    Summary
    Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Monitouch V-SFT-6 Affected: 6.2.7.0
    Unaffected: 6.2.8.0
    Unaffected: 6.2.9.0 or newer.
    Create a notification for this product.
    Credits
    Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T14:40:49.760982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-17T14:41:11.685Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Monitouch V-SFT-6",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.9.0 or newer."
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write \nwhile processing a specially crafted project file, which may allow an \nattacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write \nwhile processing a specially crafted project file, which may allow an \nattacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T00:19:13.321Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026document1%5B1%5D=M10009\u0026document2%5B1%5D=M20104\u0026product1%5B1%5D=P10003\u0026product2%5B1%5D=P20023\u0026product3%5B1%5D=P30623\u0026product4%5B1%5D=S11133\u0026discontinued%5B1%5D=0\u0026count=20\u0026sort=en_title\u0026page=1\u0026region=en-glb"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11133\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eupdate to V6.2.9.0 or newer.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users  update to V6.2.9.0 or newer. https://felib.fujielectric.co.jp/en/document_search"
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-53524",
        "datePublished": "2025-12-17T00:19:13.321Z",
        "dateReserved": "2025-07-30T19:03:10.113Z",
        "dateUpdated": "2025-12-17T14:41:11.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54526 (GCVE-0-2025-54526)

    Vulnerability from nvd – Published: 2025-11-04 21:37 – Updated: 2025-11-04 21:46
    VLAI
    Title
    Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow
    Summary
    Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Monitouch V-SFT-6 Affected: 6.2.7.0
    Unaffected: 6.2.8.0
    Unaffected: 6.2.9.0 or newer.
    Create a notification for this product.
    Credits
    Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-04T21:45:57.788958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:46:06.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Monitouch V-SFT-6",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.9.0 or newer."
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer \noverflow while processing a specially crafted project file, which may \nallow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer \noverflow while processing a specially crafted project file, which may \nallow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T21:37:56.067Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026document1%5B1%5D=M10009\u0026document2%5B1%5D=M20104\u0026product1%5B1%5D=P10003\u0026product2%5B1%5D=P20023\u0026product3%5B1%5D=P30623\u0026product4%5B1%5D=S11133\u0026discontinued%5B1%5D=0\u0026count=20\u0026sort=en_title\u0026page=1\u0026region=en-glb"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11133\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eupdate to V6.2.9.0 or newer.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users  update to V6.2.9.0 or newer. https://felib.fujielectric.co.jp/en/document_search"
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-54526",
        "datePublished": "2025-11-04T21:37:56.067Z",
        "dateReserved": "2025-07-30T19:03:10.084Z",
        "dateUpdated": "2025-11-04T21:46:06.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54496 (GCVE-0-2025-54496)

    Vulnerability from nvd – Published: 2025-11-04 21:36 – Updated: 2025-11-04 21:46
    VLAI
    Title
    Fuji Electric Monitouch V-SFT-6 Heap-based Buffer Overflow
    Summary
    A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Monitouch V-SFT-6 Affected: 6.2.7.0
    Unaffected: 6.2.8.0
    Unaffected: 6.2.9.0 or newer.
    Create a notification for this product.
    Credits
    Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-04T21:46:28.137824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:46:35.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Monitouch V-SFT-6",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.9.0 or newer."
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted project file may cause a heap-based buffer \noverflow in \nFuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code."
                }
              ],
              "value": "A maliciously crafted project file may cause a heap-based buffer \noverflow in \nFuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T21:36:46.018Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026document1%5B1%5D=M10009\u0026document2%5B1%5D=M20104\u0026product1%5B1%5D=P10003\u0026product2%5B1%5D=P20023\u0026product3%5B1%5D=P30623\u0026product4%5B1%5D=S11133\u0026discontinued%5B1%5D=0\u0026count=20\u0026sort=en_title\u0026page=1\u0026region=en-glb"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11133\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eupdate to V6.2.9.0 or newer.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users  update to V6.2.9.0 or newer. https://felib.fujielectric.co.jp/en/document_search"
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Monitouch V-SFT-6 Heap-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-54496",
        "datePublished": "2025-11-04T21:36:46.018Z",
        "dateReserved": "2025-07-30T19:03:10.137Z",
        "dateUpdated": "2025-11-04T21:46:35.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9365 (GCVE-0-2025-9365)

    Vulnerability from nvd – Published: 2025-09-03 19:34 – Updated: 2025-09-03 20:38
    VLAI
    Title
    Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data
    Summary
    Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric FRENIC-Loader 4 Affected: 0 , < 1.4.0.1 (custom)
    Unaffected: 1.4.0.1
    Create a notification for this product.
    Date Public
    2025-09-02 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T20:38:11.421463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T20:38:21.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FRENIC-Loader 4",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "1.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.4.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2025-09-02T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code.\u003c/span\u003e"
                }
              ],
              "value": "Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T19:34:41.579Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20029/document_detail/b2f23970-e560-4961-8013-fc72be43681a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20029/document_detail/b2f23970-e560-4961-8013-fc72be43681a\"\u003ev1.4.0.1 or later\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  v1.4.0.1 or later https://felib.fujielectric.co.jp/en/M10009/M20029/document_detail/b2f23970-e560-4961-8013-fc72be43681a ."
            }
          ],
          "source": {
            "advisory": "ICSA-25-245-02",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-9365",
        "datePublished": "2025-09-03T19:34:41.579Z",
        "dateReserved": "2025-08-22T16:35:26.993Z",
        "dateUpdated": "2025-09-03T20:38:21.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41413 (GCVE-0-2025-41413)

    Vulnerability from nvd – Published: 2025-06-17 20:22 – Updated: 2025-06-18 14:57
    VLAI
    Title
    Fuji Electric Smart Editor Out-of-bounds Write
    Summary
    Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-18T14:57:06.202928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T14:57:14.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor\u0026nbsp;is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:22:05.902Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-41413",
        "datePublished": "2025-06-17T20:22:05.902Z",
        "dateReserved": "2025-06-16T16:00:20.868Z",
        "dateUpdated": "2025-06-18T14:57:14.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41388 (GCVE-0-2025-41388)

    Vulnerability from nvd – Published: 2025-06-17 20:24 – Updated: 2025-06-18 14:57
    VLAI
    Title
    Fuji Electric Smart Editor Stack-based Buffer Overflow
    Summary
    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 16:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-18T14:56:59.560007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T14:57:23.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:24:26.869Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-41388",
        "datePublished": "2025-06-17T20:24:26.869Z",
        "dateReserved": "2025-06-16T16:00:20.844Z",
        "dateUpdated": "2025-06-18T14:57:23.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32412 (GCVE-0-2025-32412)

    Vulnerability from nvd – Published: 2025-06-17 20:18 – Updated: 2025-06-17 20:24
    VLAI
    Title
    Fuji Electric Smart Editor Out-of-bounds Read
    Summary
    Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T20:24:26.196402Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:24:39.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor\u0026nbsp;is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:18:47.252Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Out-of-bounds Read",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-32412",
        "datePublished": "2025-06-17T20:18:47.252Z",
        "dateReserved": "2025-06-16T16:00:20.856Z",
        "dateUpdated": "2025-06-17T20:24:39.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-8108 (GCVE-0-2026-8108)

    Vulnerability from cvelistv5 – Published: 2026-05-12 22:29 – Updated: 2026-05-13 01:39
    VLAI
    Title
    Fuji Electric Tellus Exposed Dangerous Method or Function
    Summary
    The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Tellus Affected: 5.0.2
    Create a notification for this product.
    Date Public
    2026-05-12 22:26
    Credits
    Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T01:38:52.768933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T01:39:00.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tellus",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2026-05-12T22:26:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions."
                }
              ],
              "value": "The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T22:29:53.239Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-01.json"
            }
          ],
          "source": {
            "advisory": "ICSA-26-132-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Tellus Exposed Dangerous Method or Function",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric recommends that Tellus be installed only with administrator privileges."
                }
              ],
              "value": "Fuji Electric recommends that Tellus be installed only with administrator privileges."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2026-8108",
        "datePublished": "2026-05-12T22:29:53.239Z",
        "dateReserved": "2026-05-07T15:18:17.964Z",
        "dateUpdated": "2026-05-13T01:39:00.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53524 (GCVE-0-2025-53524)

    Vulnerability from cvelistv5 – Published: 2025-12-17 00:19 – Updated: 2025-12-17 14:41
    VLAI
    Title
    Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write
    Summary
    Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Monitouch V-SFT-6 Affected: 6.2.7.0
    Unaffected: 6.2.8.0
    Unaffected: 6.2.9.0 or newer.
    Create a notification for this product.
    Credits
    Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T14:40:49.760982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-17T14:41:11.685Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Monitouch V-SFT-6",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.9.0 or newer."
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write \nwhile processing a specially crafted project file, which may allow an \nattacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write \nwhile processing a specially crafted project file, which may allow an \nattacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T00:19:13.321Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026document1%5B1%5D=M10009\u0026document2%5B1%5D=M20104\u0026product1%5B1%5D=P10003\u0026product2%5B1%5D=P20023\u0026product3%5B1%5D=P30623\u0026product4%5B1%5D=S11133\u0026discontinued%5B1%5D=0\u0026count=20\u0026sort=en_title\u0026page=1\u0026region=en-glb"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11133\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eupdate to V6.2.9.0 or newer.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users  update to V6.2.9.0 or newer. https://felib.fujielectric.co.jp/en/document_search"
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-53524",
        "datePublished": "2025-12-17T00:19:13.321Z",
        "dateReserved": "2025-07-30T19:03:10.113Z",
        "dateUpdated": "2025-12-17T14:41:11.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54526 (GCVE-0-2025-54526)

    Vulnerability from cvelistv5 – Published: 2025-11-04 21:37 – Updated: 2025-11-04 21:46
    VLAI
    Title
    Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow
    Summary
    Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Monitouch V-SFT-6 Affected: 6.2.7.0
    Unaffected: 6.2.8.0
    Unaffected: 6.2.9.0 or newer.
    Create a notification for this product.
    Credits
    Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-04T21:45:57.788958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:46:06.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Monitouch V-SFT-6",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.9.0 or newer."
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer \noverflow while processing a specially crafted project file, which may \nallow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer \noverflow while processing a specially crafted project file, which may \nallow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T21:37:56.067Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026document1%5B1%5D=M10009\u0026document2%5B1%5D=M20104\u0026product1%5B1%5D=P10003\u0026product2%5B1%5D=P20023\u0026product3%5B1%5D=P30623\u0026product4%5B1%5D=S11133\u0026discontinued%5B1%5D=0\u0026count=20\u0026sort=en_title\u0026page=1\u0026region=en-glb"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11133\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eupdate to V6.2.9.0 or newer.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users  update to V6.2.9.0 or newer. https://felib.fujielectric.co.jp/en/document_search"
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-54526",
        "datePublished": "2025-11-04T21:37:56.067Z",
        "dateReserved": "2025-07-30T19:03:10.084Z",
        "dateUpdated": "2025-11-04T21:46:06.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54496 (GCVE-0-2025-54496)

    Vulnerability from cvelistv5 – Published: 2025-11-04 21:36 – Updated: 2025-11-04 21:46
    VLAI
    Title
    Fuji Electric Monitouch V-SFT-6 Heap-based Buffer Overflow
    Summary
    A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Monitouch V-SFT-6 Affected: 6.2.7.0
    Unaffected: 6.2.8.0
    Unaffected: 6.2.9.0 or newer.
    Create a notification for this product.
    Credits
    Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-04T21:46:28.137824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:46:35.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Monitouch V-SFT-6",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "6.2.9.0 or newer."
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted project file may cause a heap-based buffer \noverflow in \nFuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code."
                }
              ],
              "value": "A maliciously crafted project file may cause a heap-based buffer \noverflow in \nFuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T21:36:46.018Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026document1%5B1%5D=M10009\u0026document2%5B1%5D=M20104\u0026product1%5B1%5D=P10003\u0026product2%5B1%5D=P20023\u0026product3%5B1%5D=P30623\u0026product4%5B1%5D=S11133\u0026discontinued%5B1%5D=0\u0026count=20\u0026sort=en_title\u0026page=1\u0026region=en-glb"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11133\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eupdate to V6.2.9.0 or newer.\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users  update to V6.2.9.0 or newer. https://felib.fujielectric.co.jp/en/document_search"
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-01",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Monitouch V-SFT-6 Heap-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-54496",
        "datePublished": "2025-11-04T21:36:46.018Z",
        "dateReserved": "2025-07-30T19:03:10.137Z",
        "dateUpdated": "2025-11-04T21:46:35.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9365 (GCVE-0-2025-9365)

    Vulnerability from cvelistv5 – Published: 2025-09-03 19:34 – Updated: 2025-09-03 20:38
    VLAI
    Title
    Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data
    Summary
    Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric FRENIC-Loader 4 Affected: 0 , < 1.4.0.1 (custom)
    Unaffected: 1.4.0.1
    Create a notification for this product.
    Date Public
    2025-09-02 17:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T20:38:11.421463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T20:38:21.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FRENIC-Loader 4",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThan": "1.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.4.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2025-09-02T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code.\u003c/span\u003e"
                }
              ],
              "value": "Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T19:34:41.579Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-02"
            },
            {
              "url": "https://felib.fujielectric.co.jp/en/M10009/M20029/document_detail/b2f23970-e560-4961-8013-fc72be43681a"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20029/document_detail/b2f23970-e560-4961-8013-fc72be43681a\"\u003ev1.4.0.1 or later\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  v1.4.0.1 or later https://felib.fujielectric.co.jp/en/M10009/M20029/document_detail/b2f23970-e560-4961-8013-fc72be43681a ."
            }
          ],
          "source": {
            "advisory": "ICSA-25-245-02",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-9365",
        "datePublished": "2025-09-03T19:34:41.579Z",
        "dateReserved": "2025-08-22T16:35:26.993Z",
        "dateUpdated": "2025-09-03T20:38:21.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41388 (GCVE-0-2025-41388)

    Vulnerability from cvelistv5 – Published: 2025-06-17 20:24 – Updated: 2025-06-18 14:57
    VLAI
    Title
    Fuji Electric Smart Editor Stack-based Buffer Overflow
    Summary
    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Fuji Electric Smart Editor Affected: 0 , ≤ 1.0.1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-06-17 16:00
    Credits
    kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-18T14:56:59.560007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T14:57:23.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Smart Editor",
              "vendor": "Fuji Electric",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2025-06-17T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
                }
              ],
              "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T20:24:26.869Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/document_search?tab=software\u0026amp;document1%5B1%5D=M10009\u0026amp;document2%5B1%5D=M20104\u0026amp;product1%5B1%5D=P10003\u0026amp;product2%5B1%5D=P20023\u0026amp;product3%5B1%5D=P30623\u0026amp;product4%5B1%5D=S11132\u0026amp;discontinued%5B1%5D=0\u0026amp;count=20\u0026amp;sort=en_title\u0026amp;page=1\u0026amp;region=en-glb\"\u003eSmart Editor v1.0.2.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(250, 250, 250);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Fuji Electric recommends users update to  Smart Editor v1.0.2.0 https://felib.fujielectric.co.jp/en/document_search \u00a0or later."
            }
          ],
          "source": {
            "advisory": "ICSA-25-168-04",
            "discovery": "EXTERNAL"
          },
          "title": "Fuji Electric Smart Editor Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-41388",
        "datePublished": "2025-06-17T20:24:26.869Z",
        "dateReserved": "2025-06-16T16:00:20.844Z",
        "dateUpdated": "2025-06-18T14:57:23.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202212-1812

    Vulnerability from variot - Updated: 2025-12-19 22:49

    Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of X1 files in the V-Simulator 6 application. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. It is primarily used to collect real-time data from devices such as PLCs (Programmable Logic Controllers), temperature controllers, and inverters

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1812",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tellus lite v-simulator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.12.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "4.0.12.0  and earlier"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric fuji electric tellus lite v-simulator",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "\u003c=4.0.12.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-3085",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-24579",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-3085",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-005820",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-3085",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-3085",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3085",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-005820",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-3085",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-24579",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-3658",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of X1 files in the V-Simulator 6 application. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. It is primarily used to collect real-time data from devices such as PLCs (Programmable Logic Controllers), temperature controllers, and inverters",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3085"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3085",
            "trust": 4.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-354-01",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU90957471",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-16717",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-821",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6634",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3085",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "id": "VAR-202212-1812",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          }
        ]
      },
      "last_update_date": "2025-12-19T22:49:46.010000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.fujielectric.co.jp/"
          },
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-01"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/744661"
          },
          {
            "title": "Fuji Electric Tellus Lite V-Simulator Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218425"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-3085 "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3085"
          },
          {
            "trust": 1.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
          },
          {
            "trust": 1.5,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-01"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90957471/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-354-01"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3085/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6634"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-3085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-08T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "date": "2025-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-3085"
          },
          {
            "date": "2022-12-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          },
          {
            "date": "2023-06-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "date": "2023-01-19T00:15:10.380000",
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-08T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-821"
          },
          {
            "date": "2025-11-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-24579"
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-3085"
          },
          {
            "date": "2023-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          },
          {
            "date": "2023-06-14T01:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          },
          {
            "date": "2023-11-07T03:50:45.970000",
            "db": "NVD",
            "id": "CVE-2022-3085"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji\u00a0Electric\u00a0Tellus\u00a0Lite\u00a0V-Simulator\u00a0 Stack-based buffer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-005820"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3658"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202311-1677

    Vulnerability from variot - Updated: 2025-12-19 22:45

    A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. Fuji Electric's Tellus Lite V-Simulator Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the product installer. The issue results from incorrect permissions set on product folders created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of any user of the software. It is primarily used to collect real-time data from devices such as PLCs (Programmable Logic Controllers), temperature controllers, and inverters. Detailed vulnerability information is not currently available

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202311-1677",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tellus lite v-simulator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.19.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "4.0.19.0"
          },
          {
            "model": "tellus lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric fuji electric tellus lite v-simulator",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "v4.0.19.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fritz Sands",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-5299",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-24578",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-5299",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "id": "CVE-2023-5299",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-5299",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "id": "CVE-2023-5299",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-5299",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2023-5299",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-5299",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-5299",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-24578",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. Fuji Electric\u0027s Tellus Lite V-Simulator Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the product installer. The issue results from incorrect permissions set on product folders created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of any user of the software. It is primarily used to collect real-time data from devices such as PLCs (Programmable Logic Controllers), temperature controllers, and inverters. Detailed vulnerability information is not currently available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5299"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-5299",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-325-02",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU98886797",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-21224",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-1730",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5299",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "id": "VAR-202311-1677",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          }
        ]
      },
      "last_update_date": "2025-12-19T22:45:54.874000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
          },
          {
            "title": "Patch for Fuji Electric Tellus Lite V-Simulator Access Control Violation",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/744651"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
          },
          {
            "trust": 1.9,
            "url": "https://felib.fujielectric.co.jp/en/m10009/m20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98886797/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-5299"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "date": "2025-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "date": "2023-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5299"
          },
          {
            "date": "2024-01-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "date": "2023-11-22T01:15:08.187000",
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-1730"
          },
          {
            "date": "2025-11-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-24578"
          },
          {
            "date": "2023-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5299"
          },
          {
            "date": "2024-01-11T02:33:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          },
          {
            "date": "2024-09-04T19:35:10.513000",
            "db": "NVD",
            "id": "CVE-2023-5299"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Tellus\u00a0Lite\u00a0V-Simulator\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-018322"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1676

    Vulnerability from variot - Updated: 2025-10-17 22:50

    Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1676",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.2.3.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1618"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1618"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11792",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-21058",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11792",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11792",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11792",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11792",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11792",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11792",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11792",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21058",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1618"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1618"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11792",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1618",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-05",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24502",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1618"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "id": "VAR-202411-1676",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          }
        ],
        "trust": 1.25
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          }
        ]
      },
      "last_update_date": "2025-10-17T22:50:19.114000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1618/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11792"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1618"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1618"
          },
          {
            "date": "2025-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "date": "2024-11-28T00:15:04.603000",
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1618"
          },
          {
            "date": "2025-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21058"
          },
          {
            "date": "2024-12-05T07:02:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          },
          {
            "date": "2024-12-03T16:07:42.940000",
            "db": "NVD",
            "id": "CVE-2024-11792"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013911"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1725

    Vulnerability from variot - Updated: 2025-10-17 22:50

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1725",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite v-simulator",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1627"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1627"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11801",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-21317",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11801",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11801",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11801",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11801",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11801",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11801",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11801",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21317",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1627"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1627"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11801",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1627",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-06",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24769",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1627"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "id": "VAR-202411-1725",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          }
        ]
      },
      "last_update_date": "2025-10-17T22:50:19.073000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1627/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11801"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1627"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1627"
          },
          {
            "date": "2025-09-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "date": "2024-11-28T00:15:05.873000",
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1627"
          },
          {
            "date": "2025-09-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21317"
          },
          {
            "date": "2024-12-05T07:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          },
          {
            "date": "2024-12-03T16:22:22.837000",
            "db": "NVD",
            "id": "CVE-2024-11801"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Tellus\u00a0Lite\u00a0V-Simulator\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013909"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1622

    Vulnerability from variot - Updated: 2025-10-17 22:50

    Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1622",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.2.3.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1617"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1617"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11791",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-21057",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11791",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11791",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11791",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11791",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11791",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11791",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11791",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21057",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1617"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1617"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11791",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1617",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-05",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24450",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1617"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "id": "VAR-202411-1622",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          }
        ],
        "trust": 1.25
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          }
        ]
      },
      "last_update_date": "2025-10-17T22:50:19.045000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1617/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11791"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1617"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1617"
          },
          {
            "date": "2025-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "date": "2024-11-28T00:15:04.467000",
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1617"
          },
          {
            "date": "2025-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21057"
          },
          {
            "date": "2024-12-05T07:02:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          },
          {
            "date": "2024-12-03T16:08:22.910000",
            "db": "NVD",
            "id": "CVE-2024-11791"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013892"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1620

    Vulnerability from variot - Updated: 2025-10-17 22:50

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1620",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite v-simulator",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1628"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1628"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11802",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-21318",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11802",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11802",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11802",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11802",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11802",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11802",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11802",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21318",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1628"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770. Fuji Electric\u0027s Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1628"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11802",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1628",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-06",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24770",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1628"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "id": "VAR-202411-1620",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          }
        ]
      },
      "last_update_date": "2025-10-17T22:50:19.018000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1628/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11802"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1628"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1628"
          },
          {
            "date": "2025-09-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "date": "2024-11-28T00:15:06.007000",
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1628"
          },
          {
            "date": "2025-09-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21318"
          },
          {
            "date": "2024-12-05T07:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          },
          {
            "date": "2024-12-03T16:16:58.833000",
            "db": "NVD",
            "id": "CVE-2024-11802"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Tellus\u00a0Lite\u00a0V-Simulator\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013926"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202405-1939

    Vulnerability from variot - Updated: 2025-10-16 23:41

    Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric Co., Ltd., primarily used in industrial automation. It provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm messaging

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-1939",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 3.5,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.2.3.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2024-34171",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-21060",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-34171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 3.5,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-34171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-34171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-34171",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2024-34171",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2024-34171",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-34171",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-34171",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21060",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric Co., Ltd., primarily used in industrial automation. It provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm messaging",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          }
        ],
        "trust": 5.31
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-34171",
            "trust": 6.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-151-02",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU97725986",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22908",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-535",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22896",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22874",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22815",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22749",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "id": "VAR-202405-1939",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          }
        ],
        "trust": 1.25
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:41:41.189000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          },
          {
            "title": "Patch for Fuji Electric Monitouch V-SFT Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/731071"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.9,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97725986/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-34171"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-05-31T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "date": "2024-05-31T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "date": "2024-05-31T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "date": "2024-05-31T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "date": "2024-05-31T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "date": "2025-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          },
          {
            "date": "2025-08-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "date": "2024-05-30T20:15:09.197000",
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "date": "2024-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "date": "2024-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "date": "2024-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-532"
          },
          {
            "date": "2024-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-530"
          },
          {
            "date": "2025-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21060"
          },
          {
            "date": "2025-08-01T01:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-026706"
          },
          {
            "date": "2025-07-30T19:23:07.310000",
            "db": "NVD",
            "id": "CVE-2024-34171"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT V9C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-535"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-530"
          }
        ],
        "trust": 2.8
      }
    }

    VAR-202411-1649

    Vulnerability from variot - Updated: 2025-10-16 23:21

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1649",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite v-simulator",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1625"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11799",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-21315",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11799",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11799",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11799",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11799",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11799",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11799",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11799",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21315",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664. Fuji Electric\u0027s Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11799",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1625",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-06",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24664",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "id": "VAR-202411-1649",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:21:32.107000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1625/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11799"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1625"
          },
          {
            "date": "2025-09-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "date": "2024-11-28T00:15:05.603000",
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1625"
          },
          {
            "date": "2025-09-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21315"
          },
          {
            "date": "2024-12-05T07:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          },
          {
            "date": "2024-12-03T16:22:54.423000",
            "db": "NVD",
            "id": "CVE-2024-11799"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Tellus\u00a0Lite\u00a0V-Simulator\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013876"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1638

    Vulnerability from variot - Updated: 2025-10-16 23:21

    Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1638",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "4.0.20.0"
          },
          {
            "model": "tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite v-simulator",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "tellus lite",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric tellus lite v-simulator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1626"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11800",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-21316",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11800",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11800",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11800",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11800",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11800",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11800",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11800",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21316",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768. Fuji Electric\u0027s Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It is primarily used to collect real-time data from devices such as PLCs, temperature controllers, and inverters. An attacker can exploit this vulnerability by submitting a specially crafted file request to trick the user into parsing the file, potentially causing the application to crash or executing arbitrary code within the application context",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11800",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1626",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-06",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24768",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "id": "VAR-202411-1638",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          }
        ]
      },
      "last_update_date": "2025-10-16T23:21:31.973000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1626/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11800"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1626"
          },
          {
            "date": "2025-09-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "date": "2024-11-28T00:15:05.747000",
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1626"
          },
          {
            "date": "2025-09-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21316"
          },
          {
            "date": "2024-12-05T07:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          },
          {
            "date": "2024-12-03T16:22:41.957000",
            "db": "NVD",
            "id": "CVE-2024-11800"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Tellus\u00a0Lite\u00a0V-Simulator\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013927"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202405-1938

    Vulnerability from variot - Updated: 2025-08-02 22:51

    Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution. Fuji Electric's Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a screen configuration software from Fuji Electric of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-1938",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "monitouch v-sft",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric monitouch v-sft",
            "scope": null,
            "trust": 0.6,
            "vendor": "fuji",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-5271",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-13533",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-5271",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-026701",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-5271",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2024-5271",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-026701",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-5271",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13533",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution. Fuji Electric\u0027s Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a screen configuration software from Fuji Electric of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-5271",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-151-02",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU97725986",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22814",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-531",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "id": "VAR-202405-1938",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          }
        ],
        "trust": 1.25
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          }
        ]
      },
      "last_update_date": "2025-08-02T22:51:37.305000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          },
          {
            "title": "Patch for Fuji Electric Monitouch V-SFT Buffer Overflow Vulnerability (CNVD-2025-13533)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/701731"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-843",
            "trust": 1.0
          },
          {
            "problemtype": "Mistake of type (CWE-843) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97725986/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5271"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-05-31T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "date": "2025-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          },
          {
            "date": "2025-08-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "date": "2024-05-30T20:15:09.773000",
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-531"
          },
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13533"
          },
          {
            "date": "2025-08-01T01:24:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          },
          {
            "date": "2025-07-30T00:01:44.677000",
            "db": "NVD",
            "id": "CVE-2024-5271"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Vulnerability regarding mix-ups in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026701"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1631

    Vulnerability from variot - Updated: 2025-07-28 23:03

    Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1631",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.2.3.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1615"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1615"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11789",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-16521",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11789",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11789",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11789",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11789",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11789",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11789",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11789",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-16521",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1615"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1615"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11789",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1615",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-05",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24448",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1615"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "id": "VAR-202411-1631",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          }
        ],
        "trust": 1.25
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          }
        ]
      },
      "last_update_date": "2025-07-28T23:03:36.737000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1615/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11789"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1615"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1615"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "date": "2024-11-28T00:15:04.153000",
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1615"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16521"
          },
          {
            "date": "2024-12-05T07:02:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          },
          {
            "date": "2024-12-03T16:08:48.497000",
            "db": "NVD",
            "id": "CVE-2024-11789"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013893"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-1705

    Vulnerability from variot - Updated: 2025-07-28 23:03

    Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1705",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.2.3.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1616"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1616"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-11790",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-16522",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11790",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11790",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-11790",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2024-11790",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11790",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-11790",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-11790",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-16522",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1616"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1616"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11790",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-1616",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-338-05",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98326656",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-24449",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1616"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "id": "VAR-202411-1705",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          }
        ],
        "trust": 1.25
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          }
        ]
      },
      "last_update_date": "2025-07-28T23:03:36.697000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1616/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98326656/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11790"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-1616"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1616"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          },
          {
            "date": "2024-12-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "date": "2024-11-28T00:15:04.297000",
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-1616"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16522"
          },
          {
            "date": "2024-12-05T07:02:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          },
          {
            "date": "2024-12-03T16:08:38.587000",
            "db": "NVD",
            "id": "CVE-2024-11790"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013929"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0987

    Vulnerability from variot - Updated: 2025-07-28 19:42

    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Smart Editor is an editing software developed by Fuji Electric, mainly used to configure and program human-machine interface (HMI) devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0987",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart editor",
            "scope": null,
            "trust": 4.2,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric fuji electric smart editor",
            "scope": null,
            "trust": 0.6,
            "vendor": "fuji",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          }
        ],
        "trust": 4.2
      },
      "cve": "CVE-2025-41388",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-16527",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41388",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 4.2,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41388",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2025-41388",
                "trust": 4.2,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2025-41388",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-16527",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Smart Editor is an editing software developed by Fuji Electric, mainly used to configure and program human-machine interface (HMI) devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ],
        "trust": 5.22
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-41388",
            "trust": 5.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-168-04",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26024",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-405",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26022",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26020",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-25942",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26026",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26018",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "id": "VAR-202506-0987",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ]
      },
      "last_update_date": "2025-07-28T19:42:24.677000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 4.2,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          },
          {
            "title": "Patch for Fuji Electric Smart Editor Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/710751"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "date": "2025-06-17T21:15:38.183000",
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-404"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-403"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-402"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-399"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-413"
          },
          {
            "date": "2025-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16527"
          },
          {
            "date": "2025-06-18T13:47:10.020000",
            "db": "NVD",
            "id": "CVE-2025-41388"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-405"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-404"
          }
        ],
        "trust": 1.4
      }
    }

    VAR-202406-0045

    Vulnerability from variot - Updated: 2025-07-04 23:42

    Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. Fuji Electric's Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a human-machine interface software from Fuji Electric

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202406-0045",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "monitouch v-sft",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujielectric",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": "6.2.3.0"
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u5bcc\u58eb\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "monitouch v-sft",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric monitouch v-sft",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "fuji",
            "version": "6.2.3.0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2024-5597",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-13532",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-5597",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-5597",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-5597",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-5597",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-5597",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2024-5597",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-5597",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2024-5597",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13532",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Monitouch V-SFT\u00a0is vulnerable to a type confusion, which could cause a crash or code execution. Fuji Electric\u0027s Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a human-machine interface software from Fuji Electric",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-5597",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-151-02",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU97725986",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22748",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-564",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "id": "VAR-202406-0045",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          }
        ],
        "trust": 1.25
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:42:51.643000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          },
          {
            "title": "Patch for Fuji Electric Monitouch V-SFT Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/701726"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-843",
            "trust": 1.0
          },
          {
            "problemtype": "Mistake of type (CWE-843) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97725986/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5597"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "date": "2025-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          },
          {
            "date": "2024-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "date": "2024-06-10T17:16:35.180000",
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-564"
          },
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13532"
          },
          {
            "date": "2024-06-13T01:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          },
          {
            "date": "2024-06-12T18:10:47.080000",
            "db": "NVD",
            "id": "CVE-2024-5597"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Vulnerability regarding mix-ups in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-003449"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0989

    Vulnerability from variot - Updated: 2025-07-04 23:31

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0989",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart editor",
            "scope": null,
            "trust": 1.4,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric smart editor",
            "scope": null,
            "trust": 0.6,
            "vendor": "fuji",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2025-41413",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-13401",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41413",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-41413",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2025-41413",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2025-41413",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13401",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-41413",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-168-04",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26028",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-401",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26031",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "id": "VAR-202506-0989",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:31:35.174000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          },
          {
            "title": "Patch for Fuji Electric Smart Editor Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/701611"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "date": "2025-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "date": "2025-06-17T21:15:38.343000",
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-401"
          },
          {
            "date": "2025-06-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-412"
          },
          {
            "date": "2025-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13401"
          },
          {
            "date": "2025-06-18T13:47:10.020000",
            "db": "NVD",
            "id": "CVE-2025-41413"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-401"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-202506-0988

    Vulnerability from variot - Updated: 2025-07-04 23:31

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TL5 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0988",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart editor",
            "scope": null,
            "trust": 0.7,
            "vendor": "fuji electric",
            "version": null
          },
          {
            "model": "electric smart editor",
            "scope": null,
            "trust": 0.6,
            "vendor": "fuji",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2025-32412",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-13400",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-32412",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2025-32412",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2025-32412",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2025-32412",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13400",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TL5 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-32412",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-168-04",
            "trust": 1.6
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-26032",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-25-400",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "id": "VAR-202506-0988",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:31:35.152000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Fuji Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          },
          {
            "title": "Patch for Fuji Electric Smart Editor Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/701601"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "date": "2025-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "date": "2025-06-17T21:15:37.963000",
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-25-400"
          },
          {
            "date": "2025-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13400"
          },
          {
            "date": "2025-06-18T13:47:10.020000",
            "db": "NVD",
            "id": "CVE-2025-32412"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Fuji Electric Smart Editor TL5 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-25-400"
          }
        ],
        "trust": 0.7
      }
    }