VAR-202306-0128
Vulnerability from variot - Updated: 2025-10-17 23:14Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. Provided by Fuji Electric Co., Ltd. FRENIC RHC Loader contains multiple vulnerabilities: * stack-based buffer overflow ( CWE-121 ) - CVE-2023-29160 It was * out-of-bounds read ( CWE-125 ) - CVE-2023-29167 It was * XML External entity reference ( XXE ) inappropriate restriction ( CWE-611 ) - CVE-2023-29498 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric in Japan for debugging and monitoring inverters, primarily serving the industrial automation sector
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-0128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "frenic rhc loader",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "1.1.0.3"
},
{
"model": "frenic rhc loader",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "frenic rhc loader",
"scope": "lte",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "v1.1.0.3 and earlier"
},
{
"model": "electric frenic rhc loader",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "v1.1.0.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"cve": "CVE-2023-29167",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-21386",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-29167",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002022",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-29167",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-29167",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002022",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-21386",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-184",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-184"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"db": "NVD",
"id": "CVE-2023-29167"
},
{
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. Provided by Fuji Electric Co., Ltd. FRENIC RHC Loader contains multiple vulnerabilities: * stack-based buffer overflow ( CWE-121 ) - CVE-2023-29160 It was * out-of-bounds read ( CWE-125 ) - CVE-2023-29167 It was * XML External entity reference ( XXE ) inappropriate restriction ( CWE-611 ) - CVE-2023-29498 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric in Japan for debugging and monitoring inverters, primarily serving the industrial automation sector",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-29167"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"db": "VULMON",
"id": "CVE-2023-29167"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-29167",
"trust": 3.9
},
{
"db": "JVN",
"id": "JVNVU97809354",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2025-21386",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-184",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-29167",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"db": "VULMON",
"id": "CVE-2023-29167"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-184"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"id": "VAR-202306-0128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
}
]
},
"last_update_date": "2025-10-17T23:14:24.865000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FRENIC-RHC Loader software Ver1.3.0.1 Japanese version ( Instruction manual included )",
"trust": 0.8,
"url": "https://felib.fujielectric.co.jp/download/details.htm?dataid=46924727\u0026site=japan\u0026lang=ja"
},
{
"title": "Patch for Fuji Electric FRENIC RHC Loader Out-of-Bounds Read Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/732161"
},
{
"title": "Fuji Electric FRENIC RHC Loader Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=242473"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-184"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
},
{
"problemtype": "XML Improper restriction of external entity references (CWE-611) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://felib.fujielectric.co.jp/download/details.htm?dataid=45829407\u0026site=global\u0026lang=en"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu97809354/"
},
{
"trust": 1.2,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-002022.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97809354/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29160"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29167"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29498"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-29167/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"db": "VULMON",
"id": "CVE-2023-29167"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-184"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"db": "VULMON",
"id": "CVE-2023-29167"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-184"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29167"
},
{
"date": "2023-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-184"
},
{
"date": "2023-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"date": "2023-06-13T10:15:10.167000",
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21386"
},
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29167"
},
{
"date": "2023-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-184"
},
{
"date": "2024-04-18T08:39:00",
"db": "JVNDB",
"id": "JVNDB-2023-002022"
},
{
"date": "2025-01-03T21:15:12.217000",
"db": "NVD",
"id": "CVE-2023-29167"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-184"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Fuji Electric \u00a0FRENIC\u00a0RHC\u00a0Loader\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002022"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-184"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…