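All the vulnerabilities related to Fuji Electric - Monitouch V-SFT
Note on reading the records below: the May 2024 entries (advisory ICSA-24-151-02) give Monitouch V-SFT v6.2.3.0 as the version to update to, while the November 2024 entries assigned by ZDI list 6.2.3.0 itself as the affected version, so running 6.2.3.0 does not cover every record on this page. The ZDI titles say "Remote Code Execution", but where a CVSS vector is shown for those records it is AV:L with UI:R, and the descriptions state that the target must visit a malicious page or open a malicious file.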
cve-2024-5271
Vulnerability from cvelistv5
Published
2024-05-30 19:53
Modified
2024-08-01 21:11
Summary
Fuji Electric Monitouch V-SFT Out-of-Bounds Write
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "lessThanOrEqual": "6.2.3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T13:57:07.832450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T18:45:53.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:11:11.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "lessThan": "6.2.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "kimiya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nFuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution.\n\n"
            }
          ],
          "value": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-30T19:53:30.195Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nFuji Electric recommends users update the product to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd\"\u003eMonitouch V-SFT v6.2.3.0\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Fuji Electric recommends users update the product to  Monitouch V-SFT v6.2.3.0 https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd ."
        }
      ],
      "source": {
        "advisory": "ICSA-24-151-02",
        "discovery": "EXTERNAL"
      },
      "title": "Fuji Electric Monitouch V-SFT Out-of-Bounds Write",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-5271",
    "datePublished": "2024-05-30T19:53:30.195Z",
    "dateReserved": "2024-05-23T14:36:06.242Z",
    "dateUpdated": "2024-08-01T21:11:11.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11793
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 16:59
Summary
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11793",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:47.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:01:58.448-06:00",
      "datePublic": "2024-11-27T14:58:46.685-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24503."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:32.078Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1619",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1619/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11793",
    "datePublished": "2024-11-27T23:34:32.078Z",
    "dateReserved": "2024-11-26T16:01:58.428Z",
    "dateUpdated": "2024-11-29T16:59:47.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11795
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 16:59
Summary
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:47.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:02:08.078-06:00",
      "datePublic": "2024-11-27T14:59:24.205-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:41.798Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1621",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1621/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11795",
    "datePublished": "2024-11-27T23:34:41.798Z",
    "dateReserved": "2024-11-26T16:02:08.057Z",
    "dateUpdated": "2024-11-29T16:59:47.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11791
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 17:09
Summary
Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T17:09:48.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:01:39.133-06:00",
      "datePublic": "2024-11-27T14:58:19.419-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:23.304Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1617",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1617/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11791",
    "datePublished": "2024-11-27T23:34:23.304Z",
    "dateReserved": "2024-11-26T16:01:39.099Z",
    "dateUpdated": "2024-11-29T17:09:48.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-34171
Vulnerability from cvelistv5
Published
2024-05-30 19:55
Modified
2024-08-02 02:51
Summary
Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "lessThan": "6.2.3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T18:32:35.936779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T18:33:50.822Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:09.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "lessThan": "6.2.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "kimiya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nFuji Electric Monitouch V-SFT \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.\n\n"
            }
          ],
          "value": "Fuji Electric Monitouch V-SFT \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-30T19:55:23.835Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nFuji Electric recommends users update the product to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd\"\u003eMonitouch V-SFT v6.2.3.0\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Fuji Electric recommends users update the product to  Monitouch V-SFT v6.2.3.0 https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd ."
        }
      ],
      "source": {
        "advisory": "ICSA-24-151-02",
        "discovery": "EXTERNAL"
      },
      "title": "Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-34171",
    "datePublished": "2024-05-30T19:55:23.835Z",
    "dateReserved": "2024-05-20T14:11:06.275Z",
    "dateUpdated": "2024-08-02T02:51:09.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11794
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 16:59
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11794",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:47.461Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:02:03.353-06:00",
      "datePublic": "2024-11-27T14:58:59.212-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:36.653Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1620",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1620/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11794",
    "datePublished": "2024-11-27T23:34:36.653Z",
    "dateReserved": "2024-11-26T16:02:03.326Z",
    "dateUpdated": "2024-11-29T16:59:47.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11798
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 16:59
Summary
Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:59:20.681042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:46.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:02:25.810-06:00",
      "datePublic": "2024-11-27T15:00:00.203-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:53.455Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1624",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1624/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11798",
    "datePublished": "2024-11-27T23:34:53.455Z",
    "dateReserved": "2024-11-26T16:02:25.786Z",
    "dateUpdated": "2024-11-29T16:59:46.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11789
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 17:09
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T17:09:49.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:01:28.497-06:00",
      "datePublic": "2024-11-27T14:57:48.619-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:14.031Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1615",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1615/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11789",
    "datePublished": "2024-11-27T23:34:14.031Z",
    "dateReserved": "2024-11-26T16:01:28.470Z",
    "dateUpdated": "2024-11-29T17:09:49.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11787
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 17:09
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11787",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T17:09:49.282Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:01:18.991-06:00",
      "datePublic": "2024-11-27T14:57:25.081-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24413."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:08.859Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1614",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1614/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11787",
    "datePublished": "2024-11-27T23:34:08.859Z",
    "dateReserved": "2024-11-26T16:01:18.939Z",
    "dateUpdated": "2024-11-29T17:09:49.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11796
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 16:59
Summary
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:47.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:02:14.653-06:00",
      "datePublic": "2024-11-27T14:59:35.635-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24506."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:45.779Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1622",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1622/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11796",
    "datePublished": "2024-11-27T23:34:45.779Z",
    "dateReserved": "2024-11-26T16:02:14.631Z",
    "dateUpdated": "2024-11-29T16:59:47.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11797
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 16:59
Summary
Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:47.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:02:21.266-06:00",
      "datePublic": "2024-11-27T14:59:46.632-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:50.024Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1623",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1623/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11797",
    "datePublished": "2024-11-27T23:34:50.024Z",
    "dateReserved": "2024-11-26T16:02:21.244Z",
    "dateUpdated": "2024-11-29T16:59:47.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5597
Vulnerability from cvelistv5
Published
2024-06-10 16:53
Modified
2024-08-01 21:18
Summary
Fuji Electric Monitouch V-SFT Type Confusion
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T20:11:14.382101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T20:12:13.322Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "lessThan": "6.2.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "kimiya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fuji Electric Monitouch V-SFT\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to a type confusion, which could cause a crash or code execution.\u003c/span\u003e\n\n"
            }
          ],
          "value": "Fuji Electric Monitouch V-SFT\u00a0is vulnerable to a type confusion, which could cause a crash or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "CWE-843 Type Confusion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:53:50.147Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fuji Electric recommends users update the product to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd\"\u003eMonitouch V-SFT v6.2.3.0\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Fuji Electric recommends users update the product to  Monitouch V-SFT v6.2.3.0 https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd ."
        }
      ],
      "source": {
        "advisory": "ICSA-24-151-02",
        "discovery": "EXTERNAL"
      },
      "title": "Fuji Electric Monitouch V-SFT Type Confusion",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-5597",
    "datePublished": "2024-06-10T16:53:50.147Z",
    "dateReserved": "2024-06-03T13:32:22.404Z",
    "dateUpdated": "2024-08-01T21:18:06.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11790
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 17:09
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11790",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T17:09:49.009Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:01:32.604-06:00",
      "datePublic": "2024-11-27T14:58:07.671-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:18.453Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1616",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1616/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11790",
    "datePublished": "2024-11-27T23:34:18.453Z",
    "dateReserved": "2024-11-26T16:01:32.581Z",
    "dateUpdated": "2024-11-29T17:09:49.009Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11933
Vulnerability from cvelistv5
Published
2024-11-27 23:36
Modified
2024-11-29 16:59
Summary
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:59:16.877074Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:46.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-27T14:52:50.875-06:00",
      "datePublic": "2024-11-27T15:01:43.341-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:36:05.162Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1630",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1630/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11933",
    "datePublished": "2024-11-27T23:36:05.162Z",
    "dateReserved": "2024-11-27T20:52:50.825Z",
    "dateUpdated": "2024-11-29T16:59:46.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-11792
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 17:09
Summary
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:43:24.101858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T17:09:48.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-26T10:01:44.222-06:00",
      "datePublic": "2024-11-27T14:58:32.703-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:34:28.147Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1618",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1618/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11792",
    "datePublished": "2024-11-27T23:34:28.147Z",
    "dateReserved": "2024-11-26T16:01:44.192Z",
    "dateUpdated": "2024-11-29T17:09:48.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201708-1406
Vulnerability from variot

A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is an HMI software. Failed exploit attempts will result in denial-of-service conditions.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": null,
        "trust": 1.4,
        "vendor": "fuji electric",
        "version": null
      },
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fujielectric",
        "version": "5.4.42.0"
      },
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fuji electric",
        "version": "5.4.43.0"
      },
      {
        "_id": null,
        "model": "electric monitouch v-sft",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "fuji",
        "version": "5.4.43.0"
      },
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujielectric",
        "version": "5.4.42.0"
      },
      {
        "_id": null,
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "5.4.42.0"
      },
      {
        "_id": null,
        "model": "electric monitouch v-sft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "5.4.43.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "monitouch v sft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9659"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fujielectric:monitouch_v-sft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Ariele Caltabiano (kimiya)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2017-9659",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-9659",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 3.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-22804",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-9659",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2017-9659",
            "trust": 1.4,
            "value": "MEDIUM"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-9659",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-9659",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22804",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-578",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9659"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is an HMI software. Failed exploit attempts will result in denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9659",
        "trust": 4.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-222-04",
        "trust": 3.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-644",
        "trust": 2.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "100265",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4014",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3993",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-645",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "E14E25DD-B97B-42E6-840A-4D68E6949FDB",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9659"
      }
    ]
  },
  "id": "VAR-201708-1406",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      }
    ],
    "trust": 1.4500000000000002
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:52.673000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Fuji Electric has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04"
      },
      {
        "title": "Monitouch V-SFT",
        "trust": 0.8,
        "url": "http://www.hakko-elec.co.jp/site/vsft/"
      },
      {
        "title": "Fuji Electric Monitouch V-SFT project file parsing heap buffer overflow vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/100821"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9659"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 4.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-222-04"
      },
      {
        "trust": 1.9,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-643/"
      },
      {
        "trust": 1.9,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-644/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9659"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/100265"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9659"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujielectric.com/"
      },
      {
        "trust": 0.3,
        "url": "www.zerodayinitiative.com/advisories/zdi-17-645"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9659"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-644",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22804",
        "ident": null
      },
      {
        "db": "BID",
        "id": "100265",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007179",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9659",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-644",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-643",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22804",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100265",
        "ident": null
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007179",
        "ident": null
      },
      {
        "date": "2017-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-578",
        "ident": null
      },
      {
        "date": "2017-08-14T16:29:00.320000",
        "db": "NVD",
        "id": "CVE-2017-9659",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-644",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-643",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22804",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100265",
        "ident": null
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007179",
        "ident": null
      },
      {
        "date": "2017-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-578",
        "ident": null
      },
      {
        "date": "2024-11-21T03:36:36.060000",
        "db": "NVD",
        "id": "CVE-2017-9659",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Fuji Electric Monitouch V-SFT Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-644"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "_id": null,
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-578"
      }
    ],
    "trust": 0.8
  }
}

var-201708-1409
Vulnerability from variot

An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. Fuji Electric Monitouch V-SFT contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of Monitouch V-SFT. An attacker can leverage this vulnerability to execute code in the context of any user of the software. Fuji Electric Monitouch V-SFT is an HMI software.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fujielectric",
        "version": "5.4.42.0"
      },
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fuji electric",
        "version": "5.4.43.0"
      },
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": null,
        "trust": 0.7,
        "vendor": "fuji electric",
        "version": null
      },
      {
        "_id": null,
        "model": "electric monitouch v-sft",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "fuji",
        "version": "5.4.43.0"
      },
      {
        "_id": null,
        "model": "monitouch v-sft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujielectric",
        "version": "5.4.42.0"
      },
      {
        "_id": null,
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "5.4.42.0"
      },
      {
        "_id": null,
        "model": "electric monitouch v-sft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "5.4.43.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "monitouch v sft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      },
      {
        "db": "BID",
        "id": "100268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9662"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fujielectric:monitouch_v-sft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Fritz Sands of the Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      },
      {
        "db": "BID",
        "id": "100268"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2017-9662",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-9662",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-9662",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-22806",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-9662",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-9662",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-9662",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-9662",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22806",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-575",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9662"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. Fuji Electric Monitouch V-SFT contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of Monitouch V-SFT. An attacker can leverage this vulnerability to execute code in the context of any user of the software. Fuji Electric Monitouch V-SFT is HMI software.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      },
      {
        "db": "BID",
        "id": "100268"
      },
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9662",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-222-04",
        "trust": 3.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-646",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "100268",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4021",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "2BE44727-F1CD-4BAD-8264-9B7730B4F5E3",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      },
      {
        "db": "BID",
        "id": "100268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9662"
      }
    ]
  },
  "id": "VAR-201708-1409",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      }
    ],
    "trust": 1.4500000000000002
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:52.720000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Monitouch V-SFT",
        "trust": 0.8,
        "url": "http://www.hakko-elec.co.jp/site/vsft/"
      },
      {
        "title": "Fuji Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04"
      },
      {
        "title": "Fuji Electric Monitouch V-SFT Unsafe Configuration Privilege Upgrade Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/100818"
      },
      {
        "title": "Fuji Electric Monitouch V-SFT Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99846"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9662"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-222-04"
      },
      {
        "trust": 1.9,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-646/"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/100268"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9662"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9662"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujielectric.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806"
      },
      {
        "db": "BID",
        "id": "100268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9662"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-646",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22806",
        "ident": null
      },
      {
        "db": "BID",
        "id": "100268",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007182",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9662",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-646",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22806",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100268",
        "ident": null
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007182",
        "ident": null
      },
      {
        "date": "2017-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-575",
        "ident": null
      },
      {
        "date": "2017-08-14T16:29:00.413000",
        "db": "NVD",
        "id": "CVE-2017-9662",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-646",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22806",
        "ident": null
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100268",
        "ident": null
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007182",
        "ident": null
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-575",
        "ident": null
      },
      {
        "date": "2024-11-21T03:36:36.393000",
        "db": "NVD",
        "id": "CVE-2017-9662",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "100268"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "Fuji Electric Monitouch V-SFT Insecure Configuration Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-646"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "_id": null,
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-575"
      }
    ],
    "trust": 0.6
  }
}

var-201708-1407
Vulnerability from variot

A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT contains a buffer error vulnerability. Information may be obtained or falsified, and a denial-of-service (DoS) condition may result. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is HMI software. Failed exploit attempts will result in denial-of-service conditions.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1407",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "monitouch v-sft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fujielectric",
        "version": "5.4.42.0"
      },
      {
        "model": "monitouch v-sft",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fuji electric",
        "version": "5.4.43.0"
      },
      {
        "model": "monitouch v-sft",
        "scope": null,
        "trust": 0.7,
        "vendor": "fuji electric",
        "version": null
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "fuji",
        "version": "5.4.43.0"
      },
      {
        "model": "monitouch v-sft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujielectric",
        "version": "5.4.42.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "5.4.42.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "5.4.43.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "monitouch v sft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fujielectric:monitouch_v-sft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ariele Caltabiano (kimiya)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2017-9660",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-9660",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 2.5,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-22805",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-9660",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-9660",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-9660",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-9660",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22805",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-577",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT contains a buffer error vulnerability. Information may be obtained or falsified, and a denial-of-service (DoS) condition may result. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is HMI software. Failed exploit attempts will result in denial-of-service conditions.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9660",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-222-04",
        "trust": 3.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-645",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "100265",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3994",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-643",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-644",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "FE17C188-7216-4DD6-AA4D-FFAE1D06D92B",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "id": "VAR-201708-1407",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      }
    ],
    "trust": 1.4500000000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:52.762000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Monitouch V-SFT",
        "trust": 0.8,
        "url": "http://www.hakko-elec.co.jp/site/vsft/"
      },
      {
        "title": "Fuji Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04"
      },
      {
        "title": "Patch for Fuji Electric Monitouch V-SFT Project File Parsing Buffer Buffer Overflow Vulnerability (CNVD-2017-22805)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/100820"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-222-04"
      },
      {
        "trust": 1.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-645/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9660"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/100265"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9660"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujielectric.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-643/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-644/"
      },
      {
        "trust": 0.3,
        "url": "www.zerodayinitiative.com/advisories/zdi-17-645"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "db": "BID",
        "id": "100265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100265"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "date": "2017-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      },
      {
        "date": "2017-08-14T16:29:00.350000",
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-645"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22805"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100265"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "date": "2018-01-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      },
      {
        "date": "2024-11-21T03:36:36.170000",
        "db": "NVD",
        "id": "CVE-2017-9660"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fuji Electric Monitouch V-SFT Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-577"
      }
    ],
    "trust": 0.8
  }
}