All the vulnerabilities related to Fuji Electric - V-Server Lite
var-202004-2332
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Note that the ZDI CVSS v3.0 vector in the record below (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) scores the attack vector as local with user interaction required, which indicates that the exposure is a crafted VPR file opened by a user rather than a network-facing service.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server lite", "scope": null, "trust": 0.7, "vendor": "fuji electric", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-453" } ] }, "credits": { "_id": null, "data": "kimiya", "sources": [ { "db": "ZDI", "id": "ZDI-20-453" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "ZDI-20-453", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-20-453", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-453" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-20-453" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-10138", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-453", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-453" } ] }, "id": "VAR-202004-2332", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41666666 }, "last_update_date": "2022-05-17T02:08:54.181000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-453", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-453", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-453", "ident": null } ] }, "title": { "_id": null, "data": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-453" } ], "trust": 0.7 } }
var-202004-2333
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server lite", "scope": null, "trust": 0.7, "vendor": "fuji electric", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-454" } ] }, "credits": { "_id": null, "data": "kimiya", "sources": [ { "db": "ZDI", "id": "ZDI-20-454" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "ZDI-20-454", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-20-454", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-454" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-20-454" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-10137", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-454", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-454" } ] }, "id": "VAR-202004-2333", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41666666 }, "last_update_date": "2022-05-17T01:43:05.050000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-454", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-454", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-454", "ident": null } ] }, "title": { "_id": null, "data": "Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-454" } ], "trust": 0.7 } }
var-202004-0059
Vulnerability from variot
Fuji Electric V-Server Lite, all versions prior to 4.0.9.0, contains a heap-based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. V-Server Lite, provided by Fuji Electric Co., Ltd., is industrial software that collects production information in real time. V-Server Lite contains a heap-based buffer overflow vulnerability (CWE-122) because the buffer allocated when reading a VPR file (project file) is too small. A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server lite", "scope": null, "trust": 1.4, "vendor": "fuji electric", "version": null }, { "_id": null, "model": "v-server", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.9.0" }, { "_id": null, "model": "v-server", "scope": "eq", "trust": 0.8, "vendor": "fuji electric", "version": "lite 4.0.9.0 \u306e\u5168\u3066" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" }, { "db": "JVNDB", "id": "JVNDB-2020-003280" }, { "db": "NVD", "id": "CVE-2020-10646" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.9.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10646" } ] }, "credits": { "_id": null, "data": "kimiya", "sources": [ { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" } ], "trust": 1.4 }, "cve": "CVE-2020-10646", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10646", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-10646", "impactScore": 5.9, 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-10646", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003280", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-10646", "trust": 1.4, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-10646", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2020-003280", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202004-374", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" }, { "db": "JVNDB", "id": "JVNDB-2020-003280" }, { "db": "CNNVD", "id": "CNNVD-202004-374" }, { "db": "NVD", "id": "CVE-2020-10646" } ] }, "description": { "_id": null, "data": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Provided by Fuji Electric Co., Ltd. 
V-Server Lite Is an industrial software that collects production information in real time. V-Server Lite To VPR File ( Project file ) Heap-based buffer overflow vulnerability due to too small buffer size allocated when reading (CWE-122) Exists.A remote attacker could elevate privileges and execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process", "sources": [ { "db": "NVD", "id": "CVE-2020-10646" }, { "db": "JVNDB", "id": "JVNDB-2020-003280" }, { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-10646", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-098-04", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-452", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU98887141", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003280", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10119", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-451", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10120", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47584", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47741", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1254", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202004-374", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" }, { "db": "JVNDB", "id": "JVNDB-2020-003280" }, { "db": "CNNVD", "id": "CNNVD-202004-374" }, { "db": "NVD", "id": "CVE-2020-10646" } ] }, "id": 
"VAR-202004-0059", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41666666 }, "last_update_date": "2022-05-04T09:21:58.233000Z", "patch": { "_id": null, "data": [ { "title": "Fuji Electric has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04" }, { "title": "Fe Library", "trust": 0.8, "url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en" }, { "title": "Fuji Electric V-Server Lite Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115595" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" }, { "db": "JVNDB", "id": "JVNDB-2020-003280" }, { "db": "CNNVD", "id": "CNNVD-202004-374" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-122", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003280" }, { "db": "NVD", "id": "CVE-2020-10646" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10646" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98887141/index.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47741" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-452/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10646" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1254/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47584" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" }, { "db": "JVNDB", "id": "JVNDB-2020-003280" }, { "db": "CNNVD", 
"id": "CNNVD-202004-374" }, { "db": "NVD", "id": "CVE-2020-10646" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-451", "ident": null }, { "db": "ZDI", "id": "ZDI-20-452", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-003280", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202004-374", "ident": null }, { "db": "NVD", "id": "CVE-2020-10646", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-451", "ident": null }, { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-452", "ident": null }, { "date": "2020-04-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003280", "ident": null }, { "date": "2020-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-374", "ident": null }, { "date": "2020-04-13T19:15:00", "db": "NVD", "id": "CVE-2020-10646", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-451", "ident": null }, { "date": "2020-04-09T00:00:00", "db": "ZDI", "id": "ZDI-20-452", "ident": null }, { "date": "2020-04-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003280", "ident": null }, { "date": "2020-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-374", "ident": null }, { "date": "2020-04-13T20:11:00", "db": "NVD", "id": "CVE-2020-10646", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-374" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-451" }, { "db": "ZDI", "id": "ZDI-20-452" } ], "trust": 1.4 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-374" } ], "trust": 0.6 } }
var-202101-1103
Vulnerability from variot
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite are vulnerable to an out-of-bounds write. As a result, information may be obtained or tampered with, and service may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.10.0" }, { "_id": null, "model": "v-simulator", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.10.0" }, { "_id": null, "model": "v-simulator", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u96fb\u6a5f", "version": "lite 4.0.10.0" }, { "_id": null, "model": "v-server", "scope": null, "trust": 0.8, "vendor": "\u5bcc\u58eb\u96fb\u6a5f", "version": null }, { "_id": null, "model": "v-server lite", "scope": null, "trust": 0.7, "vendor": "fuji electric", "version": null }, { "_id": null, "model": "electric tellus lite v-simulator", "scope": "lt", "trust": 0.6, "vendor": "fuji", "version": "4.0.10.0" }, { "_id": null, "model": "electric v-server lite", "scope": "lt", "trust": 0.6, "vendor": "fuji", "version": "4.0.10.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-097" }, { "db": "CNVD", "id": "CNVD-2021-17711" }, { "db": "JVNDB", "id": "JVNDB-2021-002819" }, { "db": "NVD", "id": "CVE-2021-22637" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-21-097" } ], "trust": 0.7 }, "cve": "CVE-2021-22637", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-22637", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2021-17711", "impactScore": 6.4, "integrityImpact": 
"PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22637", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22637", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22637", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22637", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22637", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-22637", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-17711", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-2406", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-22637", "trust": 0.1, "value": "MEDIUM" } ] } ], 
"sources": [ { "db": "ZDI", "id": "ZDI-21-097" }, { "db": "CNVD", "id": "CNVD-2021-17711" }, { "db": "VULMON", "id": "CVE-2021-22637" }, { "db": "JVNDB", "id": "JVNDB-2021-002819" }, { "db": "CNNVD", "id": "CNNVD-202101-2406" }, { "db": "NVD", "id": "CVE-2021-22637" } ] }, "description": { "_id": null, "data": "Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. 
The software can collect information about PLCs, temperature controllers, inverters and other equipment", "sources": [ { "db": "NVD", "id": "CVE-2021-22637" }, { "db": "JVNDB", "id": "JVNDB-2021-002819" }, { "db": "ZDI", "id": "ZDI-21-097" }, { "db": "CNVD", "id": "CNVD-2021-17711" }, { "db": "VULMON", "id": "CVE-2021-22637" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22637", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-097", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-026-01", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU93293369", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002819", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11170", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-17711", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0297", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-2406", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22637", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-097" }, { "db": "CNVD", "id": "CNVD-2021-17711" }, { "db": "VULMON", "id": "CVE-2021-22637" }, { "db": "JVNDB", "id": "JVNDB-2021-002819" }, { "db": "CNNVD", "id": "CNNVD-202101-2406" }, { "db": "NVD", "id": "CVE-2021-22637" } ] }, "id": "VAR-202101-1103", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-17711" } ], "trust": 1.53529412 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-17711" } ] }, "last_update_date": "2024-11-23T19:25:31.113000Z", "patch": { "_id": null, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.fujielectric.com/index.html" }, { "title": "Fuji Electric has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01" }, { "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow 
vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/252811" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-097" }, { "db": "CNVD", "id": "CNVD-2021-17711" }, { "db": "JVNDB", "id": "JVNDB-2021-002819" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002819" }, { "db": "NVD", "id": "CVE-2021-22637" } ] }, "references": { "_id": null, "data": [ { "trust": 4.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-097/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22637" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93293369/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-097" }, { "db": "CNVD", "id": "CNVD-2021-17711" }, { "db": "VULMON", "id": "CVE-2021-22637" }, { "db": "JVNDB", "id": "JVNDB-2021-002819" }, { "db": "CNNVD", "id": "CNNVD-202101-2406" }, { "db": "NVD", "id": "CVE-2021-22637" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-097", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-17711", "ident": null }, { "db": "VULMON", "id": "CVE-2021-22637", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002819", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-2406", "ident": null }, { "db": "NVD", "id": "CVE-2021-22637", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-29T00:00:00", "db": "ZDI", "id": "ZDI-21-097", "ident": null }, { "date": "2021-03-16T00:00:00", "db": "CNVD", "id": "CNVD-2021-17711", "ident": null 
}, { "date": "2021-01-27T00:00:00", "db": "VULMON", "id": "CVE-2021-22637", "ident": null }, { "date": "2021-10-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002819", "ident": null }, { "date": "2021-01-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2406", "ident": null }, { "date": "2021-01-27T20:15:12.770000", "db": "NVD", "id": "CVE-2021-22637", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-29T00:00:00", "db": "ZDI", "id": "ZDI-21-097", "ident": null }, { "date": "2021-03-16T00:00:00", "db": "CNVD", "id": "CNVD-2021-17711", "ident": null }, { "date": "2021-01-29T00:00:00", "db": "VULMON", "id": "CVE-2021-22637", "ident": null }, { "date": "2021-10-05T08:53:00", "db": "JVNDB", "id": "JVNDB-2021-002819", "ident": null }, { "date": "2021-02-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2406", "ident": null }, { "date": "2024-11-21T05:50:21.713000", "db": "NVD", "id": "CVE-2021-22637", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2406" } ], "trust": 0.6 }, "title": { "_id": null, "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002819" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2406" } ], "trust": 0.6 } }
var-202102-0298
Vulnerability from variot
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. V-Server Lite, provided by Fuji Electric Co., Ltd., is industrial software that collects production information in real time. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "3.3.24.0" }, { "_id": null, "model": "v-server", "scope": "eq", "trust": 0.8, "vendor": "fuji electric", "version": "lite 3.3.24.0 \u306e\u5168\u3066" }, { "_id": null, "model": "v-server lite", "scope": null, "trust": 0.7, "vendor": "fuji electric", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1384" }, { "db": "JVNDB", "id": "JVNDB-2020-009656" }, { "db": "NVD", "id": "CVE-2020-25171" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.24.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-25171" } ] }, "credits": { "_id": null, "data": "Tran Van Khang - khangkito of VinCSS (Member of Vingroup)", "sources": [ { "db": "ZDI", "id": "ZDI-20-1384" } ], "trust": 0.7 }, "cve": "CVE-2020-25171", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-25171", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-25171", "impactScore": 5.9, "integrityImpact": 
"HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-009656", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-25171", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-25171", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2020-009656", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-25171", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202011-1837", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1384" }, { "db": "JVNDB", "id": "JVNDB-2020-009656" }, { "db": "CNNVD", "id": "CNNVD-202011-1837" }, { "db": "NVD", "id": "CVE-2020-25171" } ] }, "description": { "_id": null, "data": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Provided by Fuji Electric Co., Ltd. V-Server Lite Is an industrial software that collects production information in real time. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process", "sources": [ { "db": "NVD", "id": "CVE-2020-25171" }, { "db": "JVNDB", "id": "JVNDB-2020-009656" }, { "db": "ZDI", "id": "ZDI-20-1384" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-25171", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-20-329-02", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU97620058", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-009656", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11353", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-1384", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.4169", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202011-1837", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1384" }, { "db": "JVNDB", "id": "JVNDB-2020-009656" }, { "db": "CNNVD", "id": "CNNVD-202011-1837" }, { "db": "NVD", "id": "CVE-2020-25171" } ] }, "id": "VAR-202102-0298", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41666666 }, "last_update_date": "2022-05-04T09:42:08.814000Z", "patch": { "_id": null, "data": [ { "title": "Fe Library | Search Remote Control Software Documents (\u8981\u30ed\u30b0\u30a4\u30f3)", "trust": 0.8, "url": "https://felib.fujielectric.co.jp/download/pod_document.htm?product1_id=p10003\u0026product2_id=p20023\u0026product3_id=p30262\u0026material1_id=m10009\u0026site=global\u0026lang=en" }, { "title": "Fuji Electric has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02" } ], "sources": [ 
{ "db": "ZDI", "id": "ZDI-20-1384" }, { "db": "JVNDB", "id": "JVNDB-2020-009656" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-009656" }, { "db": "NVD", "id": "CVE-2020-25171" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25171" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97620058" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25171" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4169/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-1384" }, { "db": "JVNDB", "id": "JVNDB-2020-009656" }, { "db": "CNNVD", "id": "CNNVD-202011-1837" }, { "db": "NVD", "id": "CVE-2020-25171" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-1384", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-009656", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202011-1837", "ident": null }, { "db": "NVD", "id": "CVE-2020-25171", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-11-25T00:00:00", "db": "ZDI", "id": "ZDI-20-1384", "ident": null }, { "date": "2020-11-26T06:26:17", "db": "JVNDB", "id": "JVNDB-2020-009656", "ident": null }, { "date": "2020-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-1837", "ident": null }, { "date": "2021-02-19T18:15:00", "db": "NVD", "id": "CVE-2020-25171", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-11-25T00:00:00", "db": "ZDI", "id": "ZDI-20-1384", "ident": null }, { "date": "2020-11-26T06:26:17", "db": "JVNDB", "id": "JVNDB-2020-009656", "ident": null }, { "date": "2021-02-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-1837", "ident": null }, { "date": "2021-02-25T22:16:00", "db": "NVD", "id": "CVE-2020-25171", "ident": null } ] }, 
"threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-1837" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Made by Fuji Electric V-Server Lite Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-009656" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-1837" } ], "trust": 0.6 } }
var-201809-0083
Vulnerability from variot
In Fuji Electric V-Server Lite 4.0.3.0 and prior, a maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code. Fuji Electric V-Server Lite contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. V-Server Lite 4.0.3.0 and prior versions are vulnerable.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server", "scope": "lte", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.3.0" }, { "_id": null, "model": "v-server", "scope": "lte", "trust": 0.8, "vendor": "fuji electric", "version": "lite 4.0.3.0" }, { "_id": null, "model": "v-server lite", "scope": null, "trust": 0.7, "vendor": "fuji electric", "version": null }, { "_id": null, "model": "v-server", "scope": "eq", "trust": 0.6, "vendor": "fujielectric", "version": "4.0.3.0" }, { "_id": null, "model": "electric v-server lite", "scope": "eq", "trust": 0.3, "vendor": "fuji", "version": "4.0.3.0" }, { "_id": null, "model": "electric v-server lite", "scope": "eq", "trust": 0.3, "vendor": "fuji", "version": "4.0.0.0" }, { "_id": null, "model": "electric v-server lite", "scope": "eq", "trust": 0.3, "vendor": "fuji", "version": "3.3.22.0" }, { "_id": null, "model": "electric v-server lite", "scope": "eq", "trust": 0.3, "vendor": "fuji", "version": "3.0.1.0" }, { "_id": null, "model": "electric v-server lite", "scope": "eq", "trust": 0.3, "vendor": "fuji", "version": "2.1.36.0" }, { "_id": null, "model": "electric v-server lite", "scope": "eq", "trust": 0.3, "vendor": "fuji", "version": "2.0.0.0" }, { "_id": null, "model": "electric v-server lite", "scope": "ne", "trust": 0.3, "vendor": "fuji", "version": "4.0.4.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1023" }, { "db": "BID", "id": "105328" }, { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "CNNVD", "id": "CNNVD-201809-575" }, { "db": "NVD", "id": "CVE-2018-10637" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fujielectric:v-server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010848" } ] }, "credits": { "_id": null, "data": "Ariele Caltabiano (kimiya)", "sources": [ { "db": "ZDI", "id": "ZDI-18-1023" } ], 
"trust": 0.7 }, "cve": "CVE-2018-10637", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2018-10637", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2018-10637", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-10637", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-10637", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-10637", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2018-10637", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201809-575", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1023" }, { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "CNNVD", "id": "CNNVD-201809-575" }, { "db": 
"NVD", "id": "CVE-2018-10637" } ] }, "description": { "_id": null, "data": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Fuji Electric V-Server Lite Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nV-Server Lite 4.0.3.0 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2018-10637" }, { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "ZDI", "id": "ZDI-18-1023" }, { "db": "BID", "id": "105328" } ], "trust": 2.52 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-10637", "trust": 3.4 }, { "db": "ICS CERT", "id": "ICSA-18-254-02", "trust": 2.7 }, { "db": "BID", "id": "105328", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2018-010848", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6376", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1023", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201809-575", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1023" }, { "db": "BID", "id": "105328" }, { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "CNNVD", "id": "CNNVD-201809-575" }, { "db": "NVD", "id": "CVE-2018-10637" } ] }, "id": "VAR-201809-0083", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 
0.87058824 }, "last_update_date": "2024-11-23T22:26:14.101000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.fujielectric.co.jp/" }, { "title": "Fuji Electric has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02" }, { "title": "Fuji Electric V-Server Lite Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84842" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1023" }, { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "CNNVD", "id": "CNNVD-201809-575" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.8 }, { "problemtype": "CWE-120", "trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "NVD", "id": "CVE-2018-10637" } ] }, "references": { "_id": null, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-02" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105328" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10637" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10637" }, { "trust": 0.3, "url": "http://www.fujielectric.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1023" }, { "db": "BID", "id": "105328" }, { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "CNNVD", "id": "CNNVD-201809-575" }, { "db": "NVD", "id": "CVE-2018-10637" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-18-1023", "ident": null }, { "db": "BID", "id": "105328", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-010848", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201809-575", "ident": null }, { "db": "NVD", "id": "CVE-2018-10637", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-09-12T00:00:00", "db": "ZDI", "id": "ZDI-18-1023", "ident": null }, { "date": "2018-09-11T00:00:00", 
"db": "BID", "id": "105328", "ident": null }, { "date": "2018-12-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010848", "ident": null }, { "date": "2018-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201809-575", "ident": null }, { "date": "2018-09-13T19:29:00.277000", "db": "NVD", "id": "CVE-2018-10637", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-09-12T00:00:00", "db": "ZDI", "id": "ZDI-18-1023", "ident": null }, { "date": "2018-09-11T00:00:00", "db": "BID", "id": "105328", "ident": null }, { "date": "2018-12-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010848", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201809-575", "ident": null }, { "date": "2024-11-21T03:41:42.753000", "db": "NVD", "id": "CVE-2018-10637", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201809-575" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Fuji Electric V-Server Lite Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010848" }, { "db": "CNNVD", "id": "CNNVD-201809-575" } ], "trust": 1.4 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201809-575" } ], "trust": 0.6 } }
var-202101-1105
Vulnerability from variot
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite are vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and service may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment. Note that although the description speaks of remote attackers, the CVSS v3 vectors recorded for this entry rate the attack vector as Local (AV:L) with user interaction required (UI:R): the crafted project file has to be opened on the affected system, so exposure depends on a user opening an untrusted VPR file.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.10.0" }, { "_id": null, "model": "v-simulator", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.10.0" }, { "_id": null, "model": "v-simulator", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u96fb\u6a5f", "version": "lite 4.0.10.0" }, { "_id": null, "model": "v-server", "scope": null, "trust": 0.8, "vendor": "\u5bcc\u58eb\u96fb\u6a5f", "version": null }, { "_id": null, "model": "v-server lite", "scope": null, "trust": 0.7, "vendor": "fuji electric", "version": null }, { "_id": null, "model": "electric tellus lite v-simulator", "scope": "lt", "trust": 0.6, "vendor": "fuji", "version": "4.0.10.0" }, { "_id": null, "model": "electric v-server lite", "scope": "lt", "trust": 0.6, "vendor": "fuji", "version": "4.0.10.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-099" }, { "db": "CNVD", "id": "CNVD-2021-17707" }, { "db": "JVNDB", "id": "JVNDB-2021-002821" }, { "db": "NVD", "id": "CVE-2021-22641" } ] }, "credits": { "_id": null, "data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)", "sources": [ { "db": "ZDI", "id": "ZDI-21-099" } ], "trust": 0.7 }, "cve": "CVE-2021-22641", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-22641", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": 
"CNVD-2021-17707", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22641", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22641", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22641", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22641", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22641", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-22641", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-17707", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-2393", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": 
"CVE-2021-22641", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-099" }, { "db": "CNVD", "id": "CNVD-2021-17707" }, { "db": "VULMON", "id": "CVE-2021-22641" }, { "db": "JVNDB", "id": "JVNDB-2021-002821" }, { "db": "CNNVD", "id": "CNNVD-202101-2393" }, { "db": "NVD", "id": "CVE-2021-22641" } ] }, "description": { "_id": null, "data": "A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. 
The software can collect information about PLCs, temperature controllers, inverters and other equipment", "sources": [ { "db": "NVD", "id": "CVE-2021-22641" }, { "db": "JVNDB", "id": "JVNDB-2021-002821" }, { "db": "ZDI", "id": "ZDI-21-099" }, { "db": "CNVD", "id": "CNVD-2021-17707" }, { "db": "VULMON", "id": "CVE-2021-22641" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22641", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-099", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-026-01", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU93293369", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002821", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11669", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-17707", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0297", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-2393", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22641", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-099" }, { "db": "CNVD", "id": "CNVD-2021-17707" }, { "db": "VULMON", "id": "CVE-2021-22641" }, { "db": "JVNDB", "id": "JVNDB-2021-002821" }, { "db": "CNNVD", "id": "CNNVD-202101-2393" }, { "db": "NVD", "id": "CVE-2021-22641" } ] }, "id": "VAR-202101-1105", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-17707" } ], "trust": 1.53529412 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-17707" } ] }, "last_update_date": "2024-11-23T21:26:42.245000Z", "patch": { "_id": null, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.fujielectric.com/index.html" }, { "title": "Fuji Electric has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01" }, { "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow 
vulnerability (CNVD-2021-17707)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/252926" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-099" }, { "db": "CNVD", "id": "CNVD-2021-17707" }, { "db": "JVNDB", "id": "JVNDB-2021-002821" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002821" }, { "db": "NVD", "id": "CVE-2021-22641" } ] }, "references": { "_id": null, "data": [ { "trust": 4.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-099/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22641" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93293369/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-099" }, { "db": "CNVD", "id": "CNVD-2021-17707" }, { "db": "VULMON", "id": "CVE-2021-22641" }, { "db": "JVNDB", "id": "JVNDB-2021-002821" }, { "db": "CNNVD", "id": "CNNVD-202101-2393" }, { "db": "NVD", "id": "CVE-2021-22641" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-099", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-17707", "ident": null }, { "db": "VULMON", "id": "CVE-2021-22641", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002821", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-2393", "ident": null }, { "db": "NVD", "id": "CVE-2021-22641", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-29T00:00:00", "db": "ZDI", "id": "ZDI-21-099", "ident": null }, { "date": "2021-03-16T00:00:00", "db": "CNVD", "id": 
"CNVD-2021-17707", "ident": null }, { "date": "2021-01-27T00:00:00", "db": "VULMON", "id": "CVE-2021-22641", "ident": null }, { "date": "2021-10-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002821", "ident": null }, { "date": "2021-01-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2393", "ident": null }, { "date": "2021-01-27T20:15:13.207000", "db": "NVD", "id": "CVE-2021-22641", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-29T00:00:00", "db": "ZDI", "id": "ZDI-21-099", "ident": null }, { "date": "2021-03-16T00:00:00", "db": "CNVD", "id": "CNVD-2021-17707", "ident": null }, { "date": "2021-01-29T00:00:00", "db": "VULMON", "id": "CVE-2021-22641", "ident": null }, { "date": "2021-10-05T08:53:00", "db": "JVNDB", "id": "JVNDB-2021-002821", "ident": null }, { "date": "2021-02-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2393", "ident": null }, { "date": "2024-11-21T05:50:22.220000", "db": "NVD", "id": "CVE-2021-22641", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2393" } ], "trust": 0.6 }, "title": { "_id": null, "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002821" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2393" } ], "trust": 0.6 } }
var-202101-1104
Vulnerability from variot
An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite contain a vulnerability involving access to an uninitialized pointer. Information may be obtained or tampered with, and service may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. The software can collect information about PLCs, temperature controllers, inverters and other equipment. Note that although the description speaks of remote attackers, the CVSS v3 vectors recorded for this entry rate the attack vector as Local (AV:L) with user interaction required (UI:R): the crafted project file has to be opened on the affected system, so exposure depends on a user opening an untrusted VPR file.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "v-server", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.10.0" }, { "_id": null, "model": "v-simulator", "scope": "lt", "trust": 1.0, "vendor": "fujielectric", "version": "4.0.10.0" }, { "_id": null, "model": "v-simulator", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u96fb\u6a5f", "version": "lite 4.0.10.0" }, { "_id": null, "model": "v-server", "scope": null, "trust": 0.8, "vendor": "\u5bcc\u58eb\u96fb\u6a5f", "version": null }, { "_id": null, "model": "v-server lite", "scope": null, "trust": 0.7, "vendor": "fuji electric", "version": null }, { "_id": null, "model": "electric tellus lite v-simulator", "scope": "lt", "trust": 0.6, "vendor": "fuji", "version": "4.0.10.0" }, { "_id": null, "model": "electric v-server lite", "scope": "lt", "trust": 0.6, "vendor": "fuji", "version": "4.0.10.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-098" }, { "db": "CNVD", "id": "CNVD-2021-17708" }, { "db": "JVNDB", "id": "JVNDB-2021-002820" }, { "db": "NVD", "id": "CVE-2021-22639" } ] }, "credits": { "_id": null, "data": "khangkito - Tran Van Khang of VinCSS (Member of Vingroup)", "sources": [ { "db": "ZDI", "id": "ZDI-21-098" } ], "trust": 0.7 }, "cve": "CVE-2021-22639", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-22639", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": 
"CNVD-2021-17708", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22639", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22639", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22639", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22639", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22639", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-22639", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-17708", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-2398", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": 
"CVE-2021-22639", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-098" }, { "db": "CNVD", "id": "CNVD-2021-17708" }, { "db": "VULMON", "id": "CVE-2021-22639" }, { "db": "JVNDB", "id": "JVNDB-2021-002820" }, { "db": "CNNVD", "id": "CNNVD-202101-2398" }, { "db": "NVD", "id": "CVE-2021-22639" } ] }, "description": { "_id": null, "data": "An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). V-Simulator and V-Server Lite There is a vulnerability in accessing uninitialized pointers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric, Japan. 
The software can collect information about PLCs, temperature controllers, inverters and other equipment", "sources": [ { "db": "NVD", "id": "CVE-2021-22639" }, { "db": "JVNDB", "id": "JVNDB-2021-002820" }, { "db": "ZDI", "id": "ZDI-21-098" }, { "db": "CNVD", "id": "CNVD-2021-17708" }, { "db": "VULMON", "id": "CVE-2021-22639" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22639", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-098", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-026-01", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU93293369", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002820", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11668", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-17708", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0297", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-2398", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22639", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-098" }, { "db": "CNVD", "id": "CNVD-2021-17708" }, { "db": "VULMON", "id": "CVE-2021-22639" }, { "db": "JVNDB", "id": "JVNDB-2021-002820" }, { "db": "CNNVD", "id": "CNNVD-202101-2398" }, { "db": "NVD", "id": "CVE-2021-22639" } ] }, "id": "VAR-202101-1104", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-17708" } ], "trust": 1.53529412 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-17708" } ] }, "last_update_date": "2024-11-23T20:26:42.576000Z", "patch": { "_id": null, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.fujielectric.com/index.html" }, { "title": "Fuji Electric has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01" }, { "title": "Patch for Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer overflow 
vulnerability (CNVD-2021-17708)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/252906" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-098" }, { "db": "CNVD", "id": "CNVD-2021-17708" }, { "db": "JVNDB", "id": "JVNDB-2021-002820" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-824", "trust": 1.0 }, { "problemtype": "Accessing uninitialized pointers (CWE-824) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002820" }, { "db": "NVD", "id": "CVE-2021-22639" } ] }, "references": { "_id": null, "data": [ { "trust": 4.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-098/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22639" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93293369/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0297/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/824.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195684" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-098" }, { "db": "CNVD", "id": "CNVD-2021-17708" }, { "db": "VULMON", "id": "CVE-2021-22639" }, { "db": "JVNDB", "id": "JVNDB-2021-002820" }, { "db": "CNNVD", "id": "CNNVD-202101-2398" }, { "db": "NVD", "id": "CVE-2021-22639" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-098", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-17708", "ident": null }, { "db": "VULMON", "id": "CVE-2021-22639", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002820", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-2398", "ident": null }, { "db": "NVD", "id": "CVE-2021-22639", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-29T00:00:00", "db": "ZDI", "id": "ZDI-21-098", "ident": null }, { "date": 
"2021-03-16T00:00:00", "db": "CNVD", "id": "CNVD-2021-17708", "ident": null }, { "date": "2021-01-27T00:00:00", "db": "VULMON", "id": "CVE-2021-22639", "ident": null }, { "date": "2021-10-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002820", "ident": null }, { "date": "2021-01-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2398", "ident": null }, { "date": "2021-01-27T20:15:12.847000", "db": "NVD", "id": "CVE-2021-22639", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-29T00:00:00", "db": "ZDI", "id": "ZDI-21-098", "ident": null }, { "date": "2021-03-16T00:00:00", "db": "CNVD", "id": "CNVD-2021-17708", "ident": null }, { "date": "2021-01-29T00:00:00", "db": "VULMON", "id": "CVE-2021-22639", "ident": null }, { "date": "2021-10-05T08:53:00", "db": "JVNDB", "id": "JVNDB-2021-002820", "ident": null }, { "date": "2021-02-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2398", "ident": null }, { "date": "2024-11-21T05:50:21.947000", "db": "NVD", "id": "CVE-2021-22639", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2398" } ], "trust": 0.6 }, "title": { "_id": null, "data": "V-Simulator\u00a0 and \u00a0V-Server\u00a0Lite\u00a0 Vulnerability in accessing uninitialized pointers in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002820" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-2398" } ], "trust": 0.6 } }
cve-2018-10637
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105328 | vdb-entry, x_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | 4.0.3.0 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105328" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": "Fuji Electric", "versions": [ { "status": "affected", "version": "4.0.3.0 and prior" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-14T09:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "105328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105328" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-09-11T00:00:00", "ID": "CVE-2018-10637", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_value": "4.0.3.0 and prior" } ] } } ] }, "vendor_name": "Fuji Electric" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A 
maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120" } ] } ] }, "references": { "reference_data": [ { "name": "105328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105328" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10637", "datePublished": "2018-09-13T20:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-17T01:11:13.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-25171
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | unspecified < 3.3.24.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:10.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": "Fuji Electric", "versions": [ { "lessThan": "3.3.24.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "OUT-OF-BOUNDS WRITE CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-19T17:06:18", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02" } ], "source": { "advisory": "ICSA-20-329-02", "discovery": "UNKNOWN" }, "title": "Fuji Electric V-Server Lite", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25171", "STATE": "PUBLIC", "TITLE": "Fuji Electric V-Server Lite" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "3.3.24.0" } ] } } ] }, "vendor_name": "Fuji Electric" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an 
attacker to remotely execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OUT-OF-BOUNDS WRITE CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02" } ] }, "source": { "advisory": "ICSA-20-329-02", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25171", "datePublished": "2021-02-19T17:06:18", "dateReserved": "2020-09-04T00:00:00", "dateUpdated": "2024-08-04T15:26:10.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38409
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | unspecified < 4.0.12.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:46", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator uninitialized pointer", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38409", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator uninitialized pointer" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael 
Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-824 Access of Uninitialized Pointer" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38409", "datePublished": "2021-12-20T20:08:46", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:37:16.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38415
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | unspecified < 4.0.12.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:48", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator heap based buffer overflow", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38415", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator heap based buffer overflow" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and 
Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38415", "datePublished": "2021-12-20T20:08:48", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38421
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | unspecified < 4.0.12.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:48", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator out of bounds read", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38421", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator out of bounds read" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported 
these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125 Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38421", "datePublished": "2021-12-20T20:08:48", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38401
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | unspecified < 4.0.12.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822 - Untrusted pointer dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:47", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38401", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day 
Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-822 - Untrusted pointer dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38401", "datePublished": "2021-12-20T20:08:47", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:37:16.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38419
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | unspecified < 4.0.12.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:50", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator out of bounds write", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38419", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator out of bounds write" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported 
these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38419", "datePublished": "2021-12-20T20:08:50", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38413
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Fuji Electric | V-Server Lite | unspecified < 4.0.12.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:49", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator stack based buffer overflow", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38413", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator stack based buffer overflow" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and 
Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38413", "datePublished": "2021-12-20T20:08:49", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }