Search criteria
7 vulnerabilities found for Alpha5 Smart Loader by Fuji Electric
VAR-201810-0384
Vulnerability from variot - Updated: 2023-12-18 13:43Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. FujiElectricAlpha5SmartLoader is a servo motor product of Fuji Electric of Japan. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alpha5 smart loader",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "3.7"
},
{
"model": "alpha5 smart loader",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "3.7"
},
{
"model": "electric alpha5 smart loader",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=3.7"
},
{
"model": "alpha5 smart loader",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "3.7"
},
{
"model": "electric alpha5 smart loader",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujielectric:alpha5_smart_loader_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujielectric:alpha5_smart_loader:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Flanders and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "105411"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14788",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03307",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-124982",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-14788",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14788",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-03307",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1247",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-124982",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. FujiElectricAlpha5SmartLoader is a servo motor product of Fuji Electric of Japan. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "VULHUB",
"id": "VHN-124982"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14788",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-270-02",
"trust": 2.8
},
{
"db": "BID",
"id": "105411",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-03307",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-124982",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"id": "VAR-201810-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
}
],
"trust": 1.33333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
}
]
},
"last_update_date": "2023-12-18T13:43:33.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ALPHA5 Smart",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/products/servo/alpha5smart/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105411"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14788"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14788"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"date": "2018-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-124982"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105411"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"date": "2018-10-01T13:29:00.317000",
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-124982"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105411"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"date": "2019-10-09T23:35:12.453000",
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Alpha5 Smart Loader Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
],
"trust": 0.6
}
}
VAR-201810-0386
Vulnerability from variot - Updated: 2023-12-18 13:43Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer. Fuji Electric Alpha5 Smart Loader Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FujiElectricAlpha5SmartLoader is a servo motor product of Fuji Electric of Japan. A heap buffer overflow vulnerability exists in FujiElectricAlpha5SmartLoader 3.7 and earlier. The attacker can exploit the vulnerability to execute the code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0386",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alpha5 smart loader",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "3.7"
},
{
"model": "alpha5 smart loader",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "3.7"
},
{
"model": "electric alpha5 smart loader",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=3.7"
},
{
"model": "electric alpha5 smart loader",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "NVD",
"id": "CVE-2018-14794"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujielectric:alpha5_smart_loader_firmware:*:*:*:*:*:*:*:undefined",
"cpe_name": [],
"versionEndIncluding": "3.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujielectric:alpha5_smart_loader:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14794"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Flanders and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "105411"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14794",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14794",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03308",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-124989",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14794",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14794",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-03308",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1248",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-124989",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-14794",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"db": "VULHUB",
"id": "VHN-124989"
},
{
"db": "VULMON",
"id": "CVE-2018-14794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "NVD",
"id": "CVE-2018-14794"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer. Fuji Electric Alpha5 Smart Loader Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FujiElectricAlpha5SmartLoader is a servo motor product of Fuji Electric of Japan. A heap buffer overflow vulnerability exists in FujiElectricAlpha5SmartLoader 3.7 and earlier. The attacker can exploit the vulnerability to execute the code",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "VULHUB",
"id": "VHN-124989"
},
{
"db": "VULMON",
"id": "CVE-2018-14794"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14794",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-270-02",
"trust": 2.9
},
{
"db": "BID",
"id": "105411",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1248",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-03308",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-124989",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-14794",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"db": "VULHUB",
"id": "VHN-124989"
},
{
"db": "VULMON",
"id": "CVE-2018-14794"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "NVD",
"id": "CVE-2018-14794"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
]
},
"id": "VAR-201810-0386",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"db": "VULHUB",
"id": "VHN-124989"
}
],
"trust": 1.33333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03308"
}
]
},
"last_update_date": "2023-12-18T13:43:33.258000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ALPHA5 Smart",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/products/servo/alpha5smart/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "NVD",
"id": "CVE-2018-14794"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-02"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/105411"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14794"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14794"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"db": "VULHUB",
"id": "VHN-124989"
},
{
"db": "VULMON",
"id": "CVE-2018-14794"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "NVD",
"id": "CVE-2018-14794"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"db": "VULHUB",
"id": "VHN-124989"
},
{
"db": "VULMON",
"id": "CVE-2018-14794"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "NVD",
"id": "CVE-2018-14794"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"date": "2018-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-124989"
},
{
"date": "2018-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14794"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105411"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"date": "2018-10-01T13:29:00.550000",
"db": "NVD",
"id": "CVE-2018-14794"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03308"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-124989"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14794"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105411"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"date": "2019-10-09T23:35:13.327000",
"db": "NVD",
"id": "CVE-2018-14794"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Alpha5 Smart Loader Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013882"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1248"
}
],
"trust": 0.6
}
}
VAR-201908-0869
Vulnerability from variot - Updated: 2023-12-18 13:23Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application. Alpha5 Smart Loader Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of an administrator
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0869",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alpha5",
"scope": null,
"trust": 3.5,
"vendor": "fuji electric",
"version": null
},
{
"model": "alpha5 smart loader",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "4.2"
},
{
"model": "alpha5 smart loader",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji electric",
"version": "4.2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "NVD",
"id": "CVE-2019-13520"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujielectric:alpha5_smart_loader_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujielectric:alpha5_smart_loader:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
}
],
"trust": 3.5
},
"cve": "CVE-2019-13520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13520",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13520",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 3.5,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13520",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-13520",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13520",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1135",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "NVD",
"id": "CVE-2019-13520"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application. Alpha5 Smart Loader Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of an administrator",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13520"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13520",
"trust": 5.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-227-02",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-798",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-820",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-763",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8566",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8756",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-762",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8590",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8568",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-761",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8772",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3148",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1135",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "NVD",
"id": "CVE-2019-13520"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
]
},
"id": "VAR-201908-0869",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43333334
},
"last_update_date": "2023-12-18T13:23:38.015000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-02"
},
{
"title": "ALPHA5 Smart",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/products/servo/alpha5smart/overview/index.html"
},
{
"title": "Fuji Electric Alpha5 Smart Loader Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96796"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "NVD",
"id": "CVE-2019-13520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 6.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-02"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-798/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-820/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13520"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13520"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3148/"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-763/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "NVD",
"id": "CVE-2019-13520"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"db": "NVD",
"id": "CVE-2019-13520"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"date": "2019-08-19T00:00:00",
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"date": "2019-09-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"date": "2019-08-19T00:00:00",
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"date": "2019-08-19T00:00:00",
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"date": "2019-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"date": "2019-08-20T20:15:11.933000",
"db": "NVD",
"id": "CVE-2019-13520"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"date": "2019-08-19T00:00:00",
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"date": "2019-09-11T00:00:00",
"db": "ZDI",
"id": "ZDI-19-820"
},
{
"date": "2019-08-19T00:00:00",
"db": "ZDI",
"id": "ZDI-19-761"
},
{
"date": "2019-08-19T00:00:00",
"db": "ZDI",
"id": "ZDI-19-763"
},
{
"date": "2019-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008520"
},
{
"date": "2020-10-16T13:22:25.857000",
"db": "NVD",
"id": "CVE-2019-13520"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Alpha5 SDP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-798"
},
{
"db": "ZDI",
"id": "ZDI-19-762"
},
{
"db": "ZDI",
"id": "ZDI-19-763"
}
],
"trust": 2.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1135"
}
],
"trust": 0.6
}
}
CVE-2018-14788 (GCVE-0-2018-14788)
Vulnerability from cvelistv5 – Published: 2018-10-01 13:00 – Updated: 2024-09-17 01:35
VLAI?
Summary
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types.
Severity ?
No CVSS data available.
CWE
- CWE-120 - BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Alpha5 Smart Loader |
Affected:
3.7 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alpha5 Smart Loader",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "3.7 and prior"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alpha5 Smart Loader",
"version": {
"version_data": [
{
"version_value": "3.7 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105411"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14788",
"datePublished": "2018-10-01T13:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T01:35:37.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14794 (GCVE-0-2018-14794)
Vulnerability from cvelistv5 – Published: 2018-10-01 13:00 – Updated: 2024-09-16 17:14
VLAI?
Summary
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.
Severity ?
No CVSS data available.
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Alpha5 Smart Loader |
Affected:
3.7 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alpha5 Smart Loader",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "3.7 and prior"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alpha5 Smart Loader",
"version": {
"version_data": [
{
"version_value": "3.7 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105411"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14794",
"datePublished": "2018-10-01T13:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T17:14:37.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14788 (GCVE-0-2018-14788)
Vulnerability from nvd – Published: 2018-10-01 13:00 – Updated: 2024-09-17 01:35
VLAI?
Summary
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types.
Severity ?
No CVSS data available.
CWE
- CWE-120 - BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Alpha5 Smart Loader |
Affected:
3.7 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alpha5 Smart Loader",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "3.7 and prior"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alpha5 Smart Loader",
"version": {
"version_data": [
{
"version_value": "3.7 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105411"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14788",
"datePublished": "2018-10-01T13:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T01:35:37.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14794 (GCVE-0-2018-14794)
Vulnerability from nvd – Published: 2018-10-01 13:00 – Updated: 2024-09-16 17:14
VLAI?
Summary
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.
Severity ?
No CVSS data available.
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Alpha5 Smart Loader |
Affected:
3.7 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alpha5 Smart Loader",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "3.7 and prior"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alpha5 Smart Loader",
"version": {
"version_data": [
{
"version_value": "3.7 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105411"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14794",
"datePublished": "2018-10-01T13:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T17:14:37.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}