Vulnerabilites related to Fuji Electric - V-Server
var-201906-0328
Vulnerability from variot
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.0.33.0"
},
{
"model": "v-server",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji electric",
"version": "6.0.33.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.9.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.8.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.7.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.6.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.5.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.4.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.32.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.31.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.30.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.3.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.29.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.28.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.27.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.26.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.25.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.24.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.23.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.22.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.21.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.20.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.2.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.19.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.18.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.17.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.16.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.15.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.14.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.13.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.12.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.11.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.10.0"
},
{
"model": "electric monitouch v-sft",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.33.0"
}
],
"sources": [
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable",
"sources": [
{
"db": "BID",
"id": "108740"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
],
"trust": 0.9
},
"cve": "CVE-2019-3947",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3947",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3947",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3947",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-3947",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-558",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-3947",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3947"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "VULMON",
"id": "CVE-2019-3947"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TENABLE",
"id": "TRA-2019-27",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2019-3947",
"trust": 2.8
},
{
"db": "BID",
"id": "108740",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3947",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"id": "VAR-201906-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65
},
"last_update_date": "2024-11-23T22:33:54.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "V-Server",
"trust": 0.8,
"url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
},
{
"title": "Fuji Electric V-Server Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93790"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.tenable.com/security/research/tra-2019-27"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/108740"
},
{
"trust": 0.9,
"url": "http://www.fujielectric.com/"
},
{
"trust": 0.9,
"url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2019-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"date": "2019-06-12T15:29:00.910000",
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3947"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-558"
},
{
"date": "2024-11-21T04:42:55.407000",
"db": "NVD",
"id": "CVE-2019-3947"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-558"
}
],
"trust": 0.6
}
}
var-201809-0157
Vulnerability from variot
Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ghirmay Desta",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1012"
}
],
"trust": 0.7
},
"cve": "CVE-2018-14823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19612",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125021",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14823",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14823",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14823",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14823",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2018-14823",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-19612",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-582",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125021",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14823"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125021"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14823",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19612",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5889",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1012",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD1B23-39AB-11E9-8157-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125021",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"id": "VAR-201809-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
}
]
},
"last_update_date": "2024-11-23T21:38:24.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/140889"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84850"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14823"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14823"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"db": "VULHUB",
"id": "VHN-125021"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125021"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"date": "2018-09-26T20:29:00.980000",
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1012"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19612"
},
{
"date": "2020-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-125021"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010431"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-582"
},
{
"date": "2024-11-21T03:49:52.330000",
"db": "NVD",
"id": "CVE-2018-14823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010431"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd1b23-39ab-11e9-8157-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-582"
}
],
"trust": 0.8
}
}
var-201809-0154
Vulnerability from variot
Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Source Incite and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "105341"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14817",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125014",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14817",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14817",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14817",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-20784",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-580",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125014",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14817"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125014"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14817",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20784",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FD6940-39AB-11E9-8108-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125014",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"id": "VAR-201809-0154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
}
]
},
"last_update_date": "2024-11-23T21:38:23.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Patch for Fuji Electric V-Server Integer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142217"
},
{
"title": "Fuji Electric V-Server VPR Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84847"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-191",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14817"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14817"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"db": "VULHUB",
"id": "VHN-125014"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125014"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"date": "2018-09-26T20:29:00.747000",
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20784"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125014"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010417"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-580"
},
{
"date": "2024-11-21T03:49:51.510000",
"db": "NVD",
"id": "CVE-2018-14817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Integer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2fd6940-39ab-11e9-8108-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20784"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-580"
}
],
"trust": 0.6
}
}
var-201911-1048
Vulnerability from variot
In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data.
A buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 3.5,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.6"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.6"
},
{
"_id": null,
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.6"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
}
]
},
"credits": {
"_id": null,
"data": "kimiya of 9SG",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
],
"trust": 4.1
},
"cve": "CVE-2019-18240",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18240",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41427",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-18240",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 3.5,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18240",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18240",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-18240",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18240",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-18240",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-41427",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-426",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"description": {
"_id": null,
"data": "In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. \n\nA buffer overflow vulnerability exists in Fuji Electric V-Server 4.0.6 and earlier. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing an error to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
}
],
"trust": 5.49
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-18240",
"trust": 6.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-311-02",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-19-971",
"trust": 1.3
},
{
"db": "AUSCERT",
"id": "ESB-2019.4210",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2019-41427",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8848",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-968",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8931",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-970",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8844",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-967",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8904",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-969",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8932",
"trust": 0.7
},
{
"db": "IVD",
"id": "C161EB5B-3004-48C3-93E9-62AC80F32CD5",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"id": "VAR-201911-1048",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
}
],
"trust": 1.67058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
}
]
},
"last_update_date": "2024-11-23T22:29:50.428000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
},
{
"title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability (CNVD-2019-41427)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191105"
},
{
"title": "Fuji Electric V-Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103039"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 7.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18240"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4210/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18240"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-971/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
},
{
"db": "CNVD",
"id": "CNVD-2019-41427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
},
{
"db": "NVD",
"id": "CVE-2019-18240"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-968",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-970",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-967",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-969",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-971",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-41427",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-18240",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-968",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-970",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-967",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-969",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-971",
"ident": null
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41427",
"ident": null
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"ident": null
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-426",
"ident": null
},
{
"date": "2019-11-13T23:15:11.433000",
"db": "NVD",
"id": "CVE-2019-18240",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-968",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-970",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-967",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-969",
"ident": null
},
{
"date": "2019-11-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-971",
"ident": null
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41427",
"ident": null
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012000",
"ident": null
},
{
"date": "2020-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-426",
"ident": null
},
{
"date": "2024-11-21T04:32:54.107000",
"db": "NVD",
"id": "CVE-2019-18240",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-968"
},
{
"db": "ZDI",
"id": "ZDI-19-970"
},
{
"db": "ZDI",
"id": "ZDI-19-967"
},
{
"db": "ZDI",
"id": "ZDI-19-969"
},
{
"db": "ZDI",
"id": "ZDI-19-971"
}
],
"trust": 3.5
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "c161eb5b-3004-48c3-93e9-62ac80f32cd5"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-426"
}
],
"trust": 0.8
}
}
var-201809-0151
Vulnerability from variot
Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 3.5,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
}
],
"trust": 3.5
},
"cve": "CVE-2018-14811",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14811",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 3.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14811",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03306",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14811",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14811",
"trust": 3.5,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14811",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14811",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-03306",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-577",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125008",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14811"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125008"
}
],
"trust": 5.85
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-14811",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-03306",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5880",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1014",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5878",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1011",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5886",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1020",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5888",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1022",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5887",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1021",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D85DE80-463F-11E9-8522-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125008",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"id": "VAR-201809-0151",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
}
]
},
"last_update_date": "2024-11-23T21:38:23.937000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric V-Server releases patches for reusing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/152185"
},
{
"title": "Fuji Electric V-Server VPR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84844"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
},
{
"problemtype": "CWE-822",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 6.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14811"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14811"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1014"
},
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1022"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
},
{
"db": "CNVD",
"id": "CNVD-2019-03306"
},
{
"db": "VULHUB",
"id": "VHN-125008"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
},
{
"db": "NVD",
"id": "CVE-2018-14811"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1014",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1011",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1020",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1022",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1021",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-03306",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-125008",
"ident": null
},
{
"db": "BID",
"id": "105341",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-14811",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1014",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1011",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1020",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1022",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1021",
"ident": null
},
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03306",
"ident": null
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125008",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-577",
"ident": null
},
{
"date": "2018-09-26T20:29:00.403000",
"db": "NVD",
"id": "CVE-2018-14811",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1014",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1011",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1020",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1022",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1021",
"ident": null
},
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03306",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125008",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010414",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-577",
"ident": null
},
{
"date": "2024-11-21T03:49:50.773000",
"db": "NVD",
"id": "CVE-2018-14811",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server VPR File Parsing CArchive Read Untrusted Pointer Dereference Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1011"
},
{
"db": "ZDI",
"id": "ZDI-18-1020"
},
{
"db": "ZDI",
"id": "ZDI-18-1021"
}
],
"trust": 2.1
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "7d85de80-463f-11e9-8522-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-577"
}
],
"trust": 0.8
}
}
var-201809-0153
Vulnerability from variot
Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. An integer underflow vulnerability 6. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
}
],
"trust": 1.4
},
"cve": "CVE-2018-14815",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14815",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14815",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20785",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125012",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14815",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14815",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14815",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14815",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-20785",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-579",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-125012",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. An integer underflow vulnerability\n6. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14815"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125012"
}
],
"trust": 3.96
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-14815",
"trust": 5.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20785",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5881",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1015",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5882",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1016",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD6941-39AB-11E9-AEED-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125012",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"id": "VAR-201809-0153",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
}
]
},
"last_update_date": "2024-11-23T21:38:24.091000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric V-Server patch for out-of-bounds write vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142221"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84846"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14815"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14815"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1015"
},
{
"db": "ZDI",
"id": "ZDI-18-1016"
},
{
"db": "CNVD",
"id": "CNVD-2018-20785"
},
{
"db": "VULHUB",
"id": "VHN-125012"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
},
{
"db": "NVD",
"id": "CVE-2018-14815"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1015",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1016",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-20785",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-125012",
"ident": null
},
{
"db": "BID",
"id": "105341",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-14815",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1015",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1016",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20785",
"ident": null
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125012",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-579",
"ident": null
},
{
"date": "2018-09-26T20:29:00.620000",
"db": "NVD",
"id": "CVE-2018-14815",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1015",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1016",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20785",
"ident": null
},
{
"date": "2018-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-125012",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010416",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-579",
"ident": null
},
{
"date": "2024-11-21T03:49:51.263000",
"db": "NVD",
"id": "CVE-2018-14815",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Vulnerable to out-of-bounds writing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010416"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd6941-39ab-11e9-aeed-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-579"
}
],
"trust": 0.8
}
}
var-201809-0150
Vulnerability from variot
Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
}
],
"trust": 1.4
},
"cve": "CVE-2018-14809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14809",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14809",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19868",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d85b770-463f-11e9-a599-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125005",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14809",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14809",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14809",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14809",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-19868",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-576",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125005",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14809"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125005"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14809",
"trust": 4.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19868",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5885",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1019",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5877",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1010",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D85B770-463F-11E9-A599-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125005",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"id": "VAR-201809-0150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
}
]
},
"last_update_date": "2024-11-23T21:38:24.046000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/141099"
},
{
"title": "Fuji Electric V-Server VPR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84843"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14809"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14809"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"db": "VULHUB",
"id": "VHN-125005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-27T00:00:00",
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125005"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"date": "2018-09-26T20:29:00.293000",
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1019"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1010"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19868"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125005"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010413"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-576"
},
{
"date": "2024-11-21T03:49:50.547000",
"db": "NVD",
"id": "CVE-2018-14809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server VPR Memory Error Reference Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19868"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "7d85b770-463f-11e9-a599-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-576"
}
],
"trust": 0.8
}
}
var-201809-0152
Vulnerability from variot
Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
}
],
"trust": 1.4
},
"cve": "CVE-2018-14813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14813",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14813",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125010",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14813",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14813",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-14813",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14813",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14813",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-20754",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-578",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125010",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14813"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125010"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14813",
"trust": 5.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20754",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5883",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1017",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5879",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1013",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD1B22-39AB-11E9-970B-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125010",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"id": "VAR-201809-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
}
]
},
"last_update_date": "2024-11-23T21:38:23.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Patch for Fuji Electric V-Server Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142229"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84845"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14813"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14813"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"db": "VULHUB",
"id": "VHN-125010"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125010"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"date": "2018-09-26T20:29:00.510000",
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1017"
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1013"
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20754"
},
{
"date": "2020-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-125010"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010415"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-578"
},
{
"date": "2024-11-21T03:49:50.993000",
"db": "NVD",
"id": "CVE-2018-14813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd1b22-39ab-11e9-970b-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-578"
}
],
"trust": 0.8
}
}
var-201802-1045
Vulnerability from variot
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric, Japan, and VPR is an array-based FPGA layout tool. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server vpr",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.1.0"
},
{
"model": "v-server vpr",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.1.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.1.0"
},
{
"model": "v-server vpr",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server vpr",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "BID",
"id": "102903"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
},
{
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fujielectric:v-server_vpr_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "BID",
"id": "102903"
}
],
"trust": 1.0
},
"cve": "CVE-2018-5442",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5442",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5442",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-02828",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-135473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5442",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5442",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5442",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-5442",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2018-5442",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-02828",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-109",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-135473",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "VULHUB",
"id": "VHN-135473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
},
{
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric, Japan, and VPR is an array-based FPGA layout tool. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5442"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "BID",
"id": "102903"
},
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-135473"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5442",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-032-01",
"trust": 3.4
},
{
"db": "BID",
"id": "102903",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-02828",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5383",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-160",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2E378A3-39AB-11E9-A97C-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99015",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135473",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "VULHUB",
"id": "VHN-135473"
},
{
"db": "BID",
"id": "102903"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
},
{
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"id": "VAR-201802-1045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "VULHUB",
"id": "VHN-135473"
}
],
"trust": 1.7671123199999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
}
]
},
"last_update_date": "2024-11-23T22:38:16.149000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-01"
},
{
"title": "Patch for Fuji Electric V-Server VPR Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/115813"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78267"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-032-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102903"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5442"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5442"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "VULHUB",
"id": "VHN-135473"
},
{
"db": "BID",
"id": "102903"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
},
{
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"db": "VULHUB",
"id": "VHN-135473"
},
{
"db": "BID",
"id": "102903"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
},
{
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-06T00:00:00",
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"date": "2018-02-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"date": "2018-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"date": "2018-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-135473"
},
{
"date": "2018-02-01T00:00:00",
"db": "BID",
"id": "102903"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"date": "2018-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-109"
},
{
"date": "2018-02-05T18:29:00.310000",
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-160"
},
{
"date": "2018-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02828"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-135473"
},
{
"date": "2018-02-01T00:00:00",
"db": "BID",
"id": "102903"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"date": "2020-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-109"
},
{
"date": "2024-11-21T04:08:48.807000",
"db": "NVD",
"id": "CVE-2018-5442"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server VPR Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001880"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2e378a3-39ab-11e9-a97c-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-109"
}
],
"trust": 0.8
}
}
var-202102-0298
Vulnerability from variot
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "3.3.24.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "fuji electric",
"version": "lite 3.3.24.0 \u306e\u5168\u3066"
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.24.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"credits": {
"_id": null,
"data": "Tran Van Khang - khangkito of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25171",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25171",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-25171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-25171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25171",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009656",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-25171",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1837",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"description": {
"_id": null,
"data": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25171"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "ZDI",
"id": "ZDI-20-1384"
}
],
"trust": 2.25
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-25171",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-329-02",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU97620058",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11353",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-1384",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4169",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"id": "VAR-202102-0298",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2022-05-04T09:42:08.814000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fe Library | Search Remote Control Software Documents (\u8981\u30ed\u30b0\u30a4\u30f3)",
"trust": 0.8,
"url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25171"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97620058"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25171"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4169/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
},
{
"db": "NVD",
"id": "CVE-2020-25171"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1384",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-25171",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1384",
"ident": null
},
{
"date": "2020-11-26T06:26:17",
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"ident": null
},
{
"date": "2020-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"ident": null
},
{
"date": "2021-02-19T18:15:00",
"db": "NVD",
"id": "CVE-2020-25171",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1384",
"ident": null
},
{
"date": "2020-11-26T06:26:17",
"db": "JVNDB",
"id": "JVNDB-2020-009656",
"ident": null
},
{
"date": "2021-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1837",
"ident": null
},
{
"date": "2021-02-25T22:16:00",
"db": "NVD",
"id": "CVE-2020-25171",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Made by Fuji Electric V-Server Lite Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009656"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1837"
}
],
"trust": 0.6
}
}
var-201809-0083
Vulnerability from variot
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. V-Server Lite 4.0.3.0 and prior versions are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "lite 4.0.3.0"
},
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2.1.36.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2.0.0.0"
},
{
"_id": null,
"model": "electric v-server lite",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
}
],
"trust": 0.7
},
"cve": "CVE-2018-10637",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10637",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10637",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-10637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10637",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10637",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2018-10637",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-575",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"description": {
"_id": null,
"data": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nV-Server Lite 4.0.3.0 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-10637",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-02",
"trust": 2.7
},
{
"db": "BID",
"id": "105328",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6376",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1023",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"id": "VAR-201809-0083",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.87058824
},
"last_update_date": "2024-11-23T22:26:14.101000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02"
},
{
"title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84842"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105328"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10637"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10637"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1023"
},
{
"db": "BID",
"id": "105328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
},
{
"db": "NVD",
"id": "CVE-2018-10637"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"db": "BID",
"id": "105328",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105328",
"ident": null
},
{
"date": "2018-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"date": "2018-09-13T19:29:00.277000",
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1023",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105328",
"ident": null
},
{
"date": "2018-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010848",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-575",
"ident": null
},
{
"date": "2024-11-21T03:41:42.753000",
"db": "NVD",
"id": "CVE-2018-10637",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Lite Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010848"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-575"
}
],
"trust": 0.6
}
}
var-201809-0155
Vulnerability from variot
Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric v-server vpr",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=4.0.3.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.3.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"_id": null,
"model": "electric v-server",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "4.0.4.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fujielectric:v-server_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley (mr_me) of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1018"
}
],
"trust": 0.7
},
"cve": "CVE-2018-14819",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14819",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14819",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20780",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14819",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14819",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14819",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2018-14819",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20780",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-581",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A use-after-free vulnerability\n2. Multiple untrusted pointer dereference remote code-execution vulnerabilities\n3. A heap-based buffer overflow vulnerability\n4. Multiple out-of-bounds write vulnerabilities\n5. An integer underflow vulnerability\n6. An out-of-bounds read vulnerability\n7. \nV-Server 4.0.3.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14819"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-125016"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-14819",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105341",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-20780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-5884",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1018",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FD422F-39AB-11E9-AF52-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125016",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"id": "VAR-201809-0155",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
}
],
"trust": 1.77058824
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
}
]
},
"last_update_date": "2024-11-23T21:38:23.853000Z",
"patch": {
"_id": null,
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"title": "Fuji Electric V-Server cross-border read vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142203"
},
{
"title": "Fuji Electric V-Server VPR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84848"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14819"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14819"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1018"
},
{
"db": "CNVD",
"id": "CNVD-2018-20780"
},
{
"db": "VULHUB",
"id": "VHN-125016"
},
{
"db": "BID",
"id": "105341"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
},
{
"db": "NVD",
"id": "CVE-2018-14819"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1018",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-20780",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-125016",
"ident": null
},
{
"db": "BID",
"id": "105341",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-14819",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1",
"ident": null
},
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1018",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20780",
"ident": null
},
{
"date": "2018-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-125016",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"ident": null
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-581",
"ident": null
},
{
"date": "2018-09-26T20:29:00.870000",
"db": "NVD",
"id": "CVE-2018-14819",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1018",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20780",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125016",
"ident": null
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105341",
"ident": null
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010430",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-581",
"ident": null
},
{
"date": "2024-11-21T03:49:51.803000",
"db": "NVD",
"id": "CVE-2018-14819",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010430"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2fd422f-39ab-11e9-af52-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-581"
}
],
"trust": 0.8
}
}
var-201906-0327
Vulnerability from variot
Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lt",
"trust": 1.6,
"vendor": "fuji electric",
"version": "6.0.33.0"
},
{
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.0.33.0"
},
{
"model": "electric v-server",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "6.0.33.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.9.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.8.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.7.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.6.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.5.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.4.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.32.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.31.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.30.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.3.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.29.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.28.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.27.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.26.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.25.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.24.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.23.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.22.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.21.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.20.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.2.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.19.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.18.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.17.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.16.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.15.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.14.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.13.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.12.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.11.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.10.0"
},
{
"model": "electric monitouch v-sft",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "6.0.33.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable",
"sources": [
{
"db": "BID",
"id": "108740"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 0.9
},
"cve": "CVE-2019-3946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3946",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3946",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-25688",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3946",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3946",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3946",
"trust": 0.8,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2019-3946",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-25688",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-559",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3946",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3946"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3946",
"trust": 4.4
},
{
"db": "TENABLE",
"id": "TRA-2019-27",
"trust": 4.2
},
{
"db": "BID",
"id": "108740",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2019-25688",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462",
"trust": 0.8
},
{
"db": "IVD",
"id": "B858CD6C-22D1-49A4-A77A-E989933C9367",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-3946",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"id": "VAR-201906-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
}
],
"trust": 1.56029412
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
}
]
},
"last_update_date": "2024-11-23T22:33:54.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "V-Server",
"trust": 1.6,
"url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
},
{
"title": "Fuji Electric V-Server enters a patch to verify the error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/172789"
},
{
"title": "Fuji Electric V-Server Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93791"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "https://www.tenable.com/security/research/tra-2019-27"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/108740"
},
{
"trust": 0.9,
"url": "http://www.fujielectric.com/"
},
{
"trust": 0.9,
"url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3946"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"db": "BID",
"id": "108740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"date": "2019-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2019-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"date": "2019-06-12T15:29:00.863000",
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"date": "2019-06-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3946"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108740"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005490"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005462"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-559"
},
{
"date": "2024-11-21T04:42:55.280000",
"db": "NVD",
"id": "CVE-2019-3946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Input validation error vulnerability",
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNVD",
"id": "CNVD-2019-25688"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "b858cd6c-22d1-49a4-a77a-e989933c9367"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-559"
}
],
"trust": 0.8
}
}
var-202004-0059
Vulnerability from variot
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "v-server lite",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "v-server",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.0.9.0"
},
{
"_id": null,
"model": "v-server",
"scope": "eq",
"trust": 0.8,
"vendor": "fuji electric",
"version": "lite 4.0.9.0 \u306e\u5168\u3066"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"credits": {
"_id": null,
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
}
],
"trust": 1.4
},
"cve": "CVE-2020-10646",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-10646",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-10646",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-10646",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003280",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-10646",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-10646",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-003280",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-374",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"description": {
"_id": null,
"data": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10646"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10646",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-098-04",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-452",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU98887141",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10119",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-451",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10120",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47584",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47741",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1254",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"id": "VAR-202004-0059",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2022-05-04T09:21:58.233000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
},
{
"title": "Fe Library",
"trust": 0.8,
"url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en"
},
{
"title": "Fuji Electric V-Server Lite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115595"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-122",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10646"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98887141/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47741"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-452/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10646"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1254/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47584"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
},
{
"db": "NVD",
"id": "CVE-2020-10646"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-451",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-452",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202004-374",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10646",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-451",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-452",
"ident": null
},
{
"date": "2020-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"ident": null
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-374",
"ident": null
},
{
"date": "2020-04-13T19:15:00",
"db": "NVD",
"id": "CVE-2020-10646",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-451",
"ident": null
},
{
"date": "2020-04-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-452",
"ident": null
},
{
"date": "2020-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003280",
"ident": null
},
{
"date": "2020-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-374",
"ident": null
},
{
"date": "2020-04-13T20:11:00",
"db": "NVD",
"id": "CVE-2020-10646",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-451"
},
{
"db": "ZDI",
"id": "ZDI-20-452"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-374"
}
],
"trust": 0.6
}
}
var-201707-1005
Vulnerability from variot
An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v-server",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "3.3.22.0"
},
{
"model": "v-server",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "3.3.22.0"
},
{
"model": "v-server",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric v-server",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=3.3.22.0"
},
{
"model": "v-server",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.3.22.0"
},
{
"model": "electric v-server",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:v-server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-485"
}
],
"trust": 0.7
},
"cve": "CVE-2017-9639",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22993",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9639",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9639",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9639",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2017-9639",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-22993",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-864",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric of Japan. Failed attacks will cause denial of service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9639"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9639",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-192-02",
"trust": 2.7
},
{
"db": "BID",
"id": "99544",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22993",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4030",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-485",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-192-03",
"trust": 0.6
},
{
"db": "IVD",
"id": "D5865A84-E9FB-47B5-8F83-EDAC0330897F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"id": "VAR-201707-1005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
}
],
"trust": 1.67058824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
}
]
},
"last_update_date": "2024-11-23T21:53:56.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fujielectric.co.jp/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02"
},
{
"title": "Fuji Electric V-Server Memory Corruption Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100865"
},
{
"title": "Fuji Electric V-Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99873"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/99544"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9639"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9639"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-03"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "BID",
"id": "99544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"date": "2017-07-12T00:00:00",
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99544"
},
{
"date": "2017-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"date": "2017-07-17T19:29:00.340000",
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "ZDI",
"id": "ZDI-17-485"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99544"
},
{
"date": "2017-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005845"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-864"
},
{
"date": "2024-11-21T03:36:34.153000",
"db": "NVD",
"id": "CVE-2017-9639"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric V-Server Memory corruption vulnerability",
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005845"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "d5865a84-e9fb-47b5-8f83-edac0330897f"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-864"
}
],
"trust": 0.8
}
}
CVE-2018-14819 (GCVE-0-2018-14819)
Vulnerability from cvelistv5
Published
2018-09-26 20:00
Modified
2024-09-16 16:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - OUT-OF-BOUNDS READ
Summary
Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/105341 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server |
Version: 4.0.3.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-27T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14819",
"datePublished": "2018-09-26T20:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T16:47:54.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14811 (GCVE-0-2018-14811)
Vulnerability from cvelistv5
Published
2018-09-26 20:00
Modified
2024-09-16 20:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE
Summary
Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/105341 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server |
Version: 4.0.3.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-27T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14811",
"datePublished": "2018-09-26T20:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T20:41:49.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14809 (GCVE-0-2018-14809)
Vulnerability from cvelistv5
Published
2018-09-26 20:00
Modified
2024-09-16 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - USE AFTER FREE
Summary
Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server |
Version: 4.0.3.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T19:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14809",
"datePublished": "2018-09-26T20:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T22:03:37.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14823 (GCVE-0-2018-14823)
Vulnerability from cvelistv5
Published
2018-09-26 20:00
Modified
2024-09-17 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW
Summary
Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/105341 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server |
Version: 4.0.3.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-27T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14823",
"datePublished": "2018-09-26T20:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T02:16:13.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14813 (GCVE-0-2018-14813)
Vulnerability from cvelistv5
Published
2018-09-26 20:00
Modified
2024-09-17 01:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW
Summary
Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/105341 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server |
Version: 4.0.3.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-27T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14813",
"datePublished": "2018-09-26T20:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T01:26:31.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14817 (GCVE-0-2018-14817)
Vulnerability from cvelistv5
Published
2018-09-26 20:00
Modified
2024-09-16 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - INTEGER UNDERFLOW
Summary
Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/105341 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | V-Server |
Version: 4.0.3.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-Server",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.3.0 and prior"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "INTEGER UNDERFLOW CWE-191",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-27T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INTEGER UNDERFLOW CWE-191"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14817",
"datePublished": "2018-09-26T20:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T22:09:53.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}