|
[Japanese]
|
JVNDB-2022-001931
|
Multiple vulnerabilities in Fuji Electric V-SFT, V-Server and V-Server Lite
|
|
Multiple vulnerabilities listed below exist in the simulator module contained in the graphic editor "V-SFT" and the remote monitoring software "V-Server" and "V-Server Lite" provided by FUJI ELECTRIC CO., LTD.
* Out-of-bounds Read in V-SFT (CWE-125) - CVE-2022-29506
* Out-of-bounds Read in V-Server and V-Server Lite (CWE-125) - CVE-2022-30549
* Out-of-bounds Write in V-Server and V-Server Lite (CWE-787) - CVE-2022-29524
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Fuji Electric Co., Ltd.
- V-Server Lite v4.0.13.0 and earlier
- V-Server v4.0.11.0 and earlier
- V-SFT v6.1.3.0 and earlier
|
|
|
Exploiting these vulnerabilities by having a user to open a specially crafted image file may result in the following impacts.
* Information disclosure
* Arbitrary code execution
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The respective products/versions listed below contain the fixes for these vulnerabilities.
* V-SFT v6.1.6.0 (Improvement information 2240H36)
* V-Server V4.0.12.0 and V-Server Lite V4.0.13.0a (Improvement information 2250S01)
|
|
Fuji Electric Co., Ltd.
|
|
- Out-of-bounds Read(CWE-125) [Other]
- Out-of-bounds Write(CWE-787) [Other]
|
|
- CVE-2022-29506
- CVE-2022-30549
- CVE-2022-29524
|
|
- JVN : JVNVU#93134398
|
|
- [2022/05/27]
Web page was published
|
