Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-38415

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-20 Dec, 2021 | 20:08
Updated At-04 Aug, 2024 | 01:44
Rejected At-
Credits

Fuji Electric Tellus Lite V-Simulator heap based buffer overflow

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:20 Dec, 2021 | 20:08
Updated At:04 Aug, 2024 | 01:44
Rejected At:
▼CVE Numbering Authority (CNA)
Fuji Electric Tellus Lite V-Simulator heap based buffer overflow

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.

Affected Products
Vendor
Fuji Electric Co., Ltd. Fuji Electric
Product
V-Server Lite
Versions
Affected
  • From unspecified before 4.0.12.0 (custom)
Vendor
Fuji Electric Co., Ltd. Fuji Electric
Product
Tellus Lite V-Simulator
Versions
Affected
  • From unspecified before 4.0.12.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Fuji Electric recommends updating software to the latest version: TELLUS Lite software: Version 4.0.12.0 Disk1 TELLUS Lite software: Version 4.0.12.0 Disk2 V-Server Lite software: Version 4.0.12.0 Disk1 V-Server Lite software: Version 4.0.12.0 Disk2

Configurations
Workarounds
Exploits
Credits
kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01
x_refsource_MISC
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01
x_refsource_MISC
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:20 Dec, 2021 | 21:15
Updated At:27 Dec, 2021 | 20:29

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Fuji Electric Co., Ltd.
fujielectric
>>v-server>>Versions before 4.0.12.0(exclusive)
cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*
Fuji Electric Co., Ltd.
fujielectric
>>v-simulator>>Versions before 4.0.12.0(exclusive)
cpe:2.3:a:fujielectric:v-simulator:*:*:*:*:lite:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Primaryics-cert@hq.dhs.gov
CWE ID: CWE-122
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01ics-cert@hq.dhs.gov
Patch
Third Party Advisory
US Government Resource
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01
Source: ics-cert@hq.dhs.gov
Resource:
Patch
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

588Records found
CVE-2024-11933
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:36
Updated-03 Dec, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21214
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.49% / 64.38%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-16 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-22-090-03 Fuji Electric Alpha5

The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-alpha5_smart_loader_firmwarealpha5_smart_loaderAlpha5
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2020-10646
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.23%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 18:50
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.

Action-Not Available
Vendor-n/aFuji Electric Co., Ltd.
Product-v-serverFuji Electric V-Server Lite all versions prior to 4.0.9.0
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22641
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.48% / 64.21%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 19:03
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

Action-Not Available
Vendor-n/aFuji Electric Co., Ltd.
Product-v-serverv-simulatorTellus Lite V-Simulator and V-Server Lite
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5271
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.10% / 28.40%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 19:53
Updated-30 Jul, 2025 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT Access of Resource Using Incompatible Type ('Type Confusion')

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-38658
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.43%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 02:11
Updated-29 Nov, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-V-ServerV-Server Litev-server_litev-server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38309
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.43%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 02:10
Updated-29 Nov, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-TELLUSV-SFTTELLUS Litetellus_litetellusv-sft
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-37029
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.12% / 32.33%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 17:23
Updated-03 Oct, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Lite V-Simulatortellus_lite_v-simulator
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-11794
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.10%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11799
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Litetellus_lite
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11795
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11802
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:35
Updated-03 Dec, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Litetellus_lite
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11791
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11803
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.10%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:35
Updated-03 Dec, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Litetellus_lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11789
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11792
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3087
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.27%
||
7 Day CHG~0.00%
Published-16 Jan, 2023 | 23:46
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Lite V-Simulator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3085
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 23:22
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Lite V-Simulator
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-29925
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 07:05
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-sftV-SFT
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2022-30549
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.05%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 01:35
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server and V-Server Lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-29506
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.42%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 07:05
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverv-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47585
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 06:03
Updated-29 Aug, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-ServerV-Server Litev-server_lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47583
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.24%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 05:41
Updated-07 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellusTELLUS Simulator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47586
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.52%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 06:03
Updated-29 Aug, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-ServerV-Server Litev-server_lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47581
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 05:40
Updated-29 Nov, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUSTELLUS Litetellus_litetellus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47580
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 05:40
Updated-14 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUSTELLUS Litetellus_litetellus
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-47584
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 06:03
Updated-29 Aug, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-ServerV-Server Litev-server_lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26302
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.85% / 73.97%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 07:05
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-sftV-SFT
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32276
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32273
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32538
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31239
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server and V-Server Lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-29167
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-frenic_rhc_loaderFRENIC RHC Loader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-29160
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.06%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-frenic_rhc_loaderFRENIC RHC Loader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5597
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.16% / 37.12%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:53
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT Type Confusion

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFT
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-38401
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2019-13520
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.79% / 72.88%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:38
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.

Action-Not Available
Vendor-n/aFuji Electric Co., Ltd.
Product-alpha5_smart_loader_firmwarealpha5_smart_loaderAlpha5 Smart Loader
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38419
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator out of bounds write

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24383
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-16 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-22-090-03 Fuji Electric Alpha5

The affected product is vulnerable to an out-of-bounds read, which may result in code execution

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-alpha5_smart_loader_firmwarealpha5_smart_loaderAlpha5
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-38413
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.16%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator stack based buffer overflow

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-38389
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.43%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 02:11
Updated-29 Nov, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-TELLUSTELLUS Litetellus_litetellus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-47317
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.91%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38409
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.48%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator uninitialized pointer

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2022-47908
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46360
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.97%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-sfttellusV-SFT and TELLUS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41645
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.09%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47755
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.71%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:46
Updated-19 May, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47751
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.84%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:44
Updated-19 May, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47759
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.71%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:47
Updated-19 May, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftS-SFT
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47760
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.71%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:48
Updated-19 May, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found