|
[Japanese]
|
JVNDB-2022-002838
|
Multiple vulnerabilities in Fuji Electric V-Server
|
|
V-Server provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below.
* Stack-based Buffer ovewflow (CWE-121) - CVE-2022-47908
* Out-of-bounds Read (CWE-125) - CVE-2022-41645
* Out-of-bounds Write (CWE-787) - CVE-2022-47317
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Fuji Electric Co., Ltd.
- V-Server v4.0.12.0 and earlier
|
|
|
Exploiting these vulnerabilities by having a user to open a specially crafted project file may result in information disclosure and/or arbitrary code execution.
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer released V-Server v4.0.15.0 that contains the fixes for these vulnerabilities (Improvement information 22C0S04).
|
|
Fuji Electric Co., Ltd.
|
|
- Stack-based Buffer Overflow(CWE-121) [Other]
- Out-of-bounds Read(CWE-125) [Other]
- Out-of-bounds Write(CWE-787) [Other]
|
|
- CVE-2022-47908
- CVE-2022-41645
- CVE-2022-47317
|
|
- JVN : JVNVU#92811888
- National Vulnerability Database (NVD) : CVE-2022-41645
- National Vulnerability Database (NVD) : CVE-2022-47317
- National Vulnerability Database (NVD) : CVE-2022-47908
|
|
- [2023/01/04]
Web page was published
|
