Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32926

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-01 Apr, 2026 | 22:58
Updated At-02 Apr, 2026 | 13:33
Rejected At-
Credits

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–ĽCommon Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:01 Apr, 2026 | 22:58
Updated At:02 Apr, 2026 | 13:33
Rejected At:
â–ĽCVE Numbering Authority (CNA)

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Affected Products
Vendor
Hakko Electronics Co., Ltd.FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.
Product
V-SFT
Versions
Affected
  • 6.2.10.0 and prior
Problem Types
TypeCWE IDDescription
CWECWE-125Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb
N/A
https://jvn.jp/en/vu/JVNVU90448293/
N/A
Hyperlink: https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU90448293/
Resource: N/A
â–ĽAuthorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–ĽNational Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:01 Apr, 2026 | 23:17
Updated At:07 Apr, 2026 | 18:43

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CPE Matches
Fuji Electric Co., Ltd.
fujielectric
>>v-sft>>Versions up to 6.2.10.0(inclusive)
cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primaryvultures@jpcert.or.jp
CWE ID: CWE-125
Type: Primary
Source: vultures@jpcert.or.jp
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glbvultures@jpcert.or.jp
Release Notes
https://jvn.jp/en/vu/JVNVU90448293/vultures@jpcert.or.jp
Third Party Advisory
Hyperlink: https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb
Source: vultures@jpcert.or.jp
Resource:
Release Notes
Hyperlink: https://jvn.jp/en/vu/JVNVU90448293/
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1556Records found
CVE-2023-47585
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 06:03
Updated-29 Aug, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-ServerV-Server Litev-server_lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-38421
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.22%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator out of bounds read

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32542
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-12 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32288
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-31239
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.55%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server and V-Server Lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32270
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.01%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-29167
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.47%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-frenic_rhc_loaderFRENIC RHC Loader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-32927
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.01% / 2.99%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 22:59
Updated-07 Apr, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22655
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.47%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 19:06
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

Action-Not Available
Vendor-n/aFuji Electric Co., Ltd.
Product-v-serverv-simulatorTellus Lite V-Simulator and V-Server Lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-32929
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.01% / 2.99%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 23:00
Updated-07 Apr, 2026 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61860
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 10:36
Updated-27 Oct, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47754
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.13% / 31.89%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:45
Updated-19 May, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47757
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.13% / 31.89%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:47
Updated-19 May, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47756
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.13% / 31.89%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:46
Updated-19 May, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::set_mr400_strc function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47753
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.13% / 31.89%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:45
Updated-19 May, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetRectArea function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-46360
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.13%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-sfttellusV-SFT and TELLUS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38658
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.54%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 02:11
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-V-ServerV-Server Litev-server_litev-server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38389
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 02:11
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-TELLUSTELLUS Litetellus_litetellus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61862
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 10:58
Updated-27 Oct, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61863
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 11:00
Updated-27 Oct, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61861
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 10:54
Updated-27 Oct, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41645
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.39%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47755
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.13% / 31.89%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 07:46
Updated-19 May, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-30549
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.89%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 01:35
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server and V-Server Lite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-29506
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.26%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 07:05
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverv-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-24383
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-16 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-22-090-03 Fuji Electric Alpha5

The affected product is vulnerable to an out-of-bounds read, which may result in code execution

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-alpha5_smart_loader_firmwarealpha5_smart_loaderAlpha5
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-21202
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.3||LOW
EPSS-0.17% / 37.41%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-16 Apr, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-22-090-03 Fuji Electric Alpha5

The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-alpha5_smart_loader_firmwarealpha5_smart_loaderAlpha5
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-30546
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.87%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 01:35
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47581
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 05:40
Updated-29 Nov, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUSTELLUS Litetellus_litetellus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47583
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.90%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 05:41
Updated-07 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellusTELLUS Simulator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47582
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 05:41
Updated-29 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUSTELLUS Lite
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-47580
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 05:40
Updated-14 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUSTELLUS Litetellus_litetellus
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-38419
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator out of bounds write

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38409
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.22%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator uninitialized pointer

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-35127
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.77%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 00:44
Updated-29 Aug, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow

Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Lite V-Simulator
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38415
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.99%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator heap based buffer overflow

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-38413
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.99%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator stack based buffer overflow

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-32538
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.46%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32201
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.46%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32276
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.55%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32273
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.46%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-23 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-tellus_litetellusTELLUS and TELLUS Lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38401
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-29160
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-frenic_rhc_loaderFRENIC RHC Loader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29498
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.79%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-frenic_rhc_loaderFRENIC RHC Loader
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-32925
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.36%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 22:58
Updated-07 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-v-sftV-SFT
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-5597
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:53
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT Type Confusion

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFT
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-32928
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.36%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 22:59
Updated-07 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-v-sftV-SFT
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-5271
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.14% / 33.12%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 19:53
Updated-30 Jul, 2025 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT Access of Resource Using Incompatible Type ('Type Confusion')

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2022-47908
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.Hakko Electronics Co., Ltd.
Product-v-serverV-Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61858
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 10:28
Updated-27 Oct, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

Action-Not Available
Vendor-Hakko Electronics Co., Ltd.Fuji Electric Co., Ltd.
Product-monitouch_v-sftV-SFT
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 31
  • 32
  • Next
Details not found