All the vulnerabilites related to Fuji Electric - Tellus Lite V-Simulator
cve-2023-35127
Vulnerability from cvelistv5
Published
2023-11-22 00:44
Modified
2024-08-29 19:16
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02" }, { "tags": [ "x_transferred" ], "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35127", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-28T05:00:27.123789Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T19:16:01.866Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Tellus Lite V-Simulator", "vendor": "Fuji Electric", "versions": [ { "lessThan": "4.0.19.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA." } ], "datePublic": "2023-11-22T00:41:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n" } ], "value": "Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T00:44:26.650Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02" }, { "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Fuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "source": { "discovery": "EXTERNAL" }, "title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-35127", "datePublished": "2023-11-22T00:44:26.650Z", "dateReserved": "2023-08-18T17:42:07.395Z", "dateUpdated": "2024-08-29T19:16:01.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38413
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | V-Server Lite | |
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:49", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator stack based buffer overflow", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38413", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator stack based buffer overflow" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38413", "datePublished": "2021-12-20T20:08:49", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38421
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator out of bounds read
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | V-Server Lite | |
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:48", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator out of bounds read", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38421", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator out of bounds read" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125 Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38421", "datePublished": "2021-12-20T20:08:48", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3085
Vulnerability from cvelistv5
Published
2023-01-18 23:22
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Tellus Lite V-Simulator", "vendor": "Fuji Electric", "versions": [ { "lessThanOrEqual": " 4.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kimiya" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n" } ], "value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-Based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-18T23:22:02.789Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e" } ], "value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-3085", "datePublished": "2023-01-18T23:22:02.789Z", "dateReserved": "2022-09-01T18:49:33.050Z", "dateUpdated": "2024-08-03T01:00:10.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38401
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | V-Server Lite | |
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822 - Untrusted pointer dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:47", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38401", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-822 - Untrusted pointer dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38401", "datePublished": "2021-12-20T20:08:47", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:37:16.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37022
Vulnerability from cvelistv5
Published
2024-06-13 17:25
Modified
2024-08-02 03:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "tellus_lite_v-simulator", "vendor": "fujielectric", "versions": [ { "lessThan": "4.0.20.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37022", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-19T18:48:57.921592Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-19T18:51:44.189Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:43:50.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Tellus Lite V-Simulator", "vendor": "Fuji Electric", "versions": [ { "lessThan": "4.0.20.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA." } ], "datePublic": "2024-06-13T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:25:49.609Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e" } ], "value": "Fuji Electric recommends users update to v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ." } ], "source": { "advisory": "ICSA-24-165-14", "discovery": "EXTERNAL" }, "title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2024-37022", "datePublished": "2024-06-13T17:25:49.609Z", "dateReserved": "2024-06-06T17:39:34.310Z", "dateUpdated": "2024-08-02T03:43:50.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38415
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | V-Server Lite | |
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:48", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator heap based buffer overflow", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38415", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator heap based buffer overflow" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38415", "datePublished": "2021-12-20T20:08:48", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40152
Vulnerability from cvelistv5
Published
2023-11-22 00:42
Modified
2024-08-29 19:51
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02" }, { "tags": [ "x_transferred" ], "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40152", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-28T05:00:26.396580Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T19:51:44.689Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Tellus Lite V-Simulator", "vendor": "Fuji Electric", "versions": [ { "lessThan": "4.0.19.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA." } ], "datePublic": "2023-11-22T00:41:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.\u003c/span\u003e\n\n\u003c/span\u003e\n\n" } ], "value": "When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T00:42:49.608Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02" }, { "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Fuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "source": { "discovery": "EXTERNAL" }, "title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-40152", "datePublished": "2023-11-22T00:42:49.608Z", "dateReserved": "2023-08-18T17:42:07.401Z", "dateUpdated": "2024-08-29T19:51:44.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5299
Vulnerability from cvelistv5
Published
2023-11-22 00:41
Modified
2024-09-04 18:39
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator Improper Access Control
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02" }, { "tags": [ "x_transferred" ], "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5299", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-28T05:00:25.665128Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-04T18:39:16.616Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Tellus Lite V-Simulator", "vendor": "Fuji Electric", "versions": [ { "lessThan": "4.0.19.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA." } ], "datePublic": "2023-11-22T00:41:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.\u003c/span\u003e\n\n" } ], "value": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T00:41:18.654Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02" }, { "url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Fuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a" } ], "source": { "discovery": "EXTERNAL" }, "title": "Fuji Electric Tellus Lite V-Simulator Improper Access Control", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-5299", "datePublished": "2023-11-22T00:41:18.654Z", "dateReserved": "2023-09-29T15:56:03.959Z", "dateUpdated": "2024-09-04T18:39:16.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38409
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator uninitialized pointer
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | V-Server Lite | |
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:46", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator uninitialized pointer", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38409", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator uninitialized pointer" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-824 Access of Uninitialized Pointer" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38409", "datePublished": "2021-12-20T20:08:46", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:37:16.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3087
Vulnerability from cvelistv5
Published
2023-01-16 23:46
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01 | government-resource |
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "government-resource", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Tellus Lite V-Simulator", "vendor": "Fuji Electric", "versions": [ { "lessThanOrEqual": " 4.0.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kimiya" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\u003cbr\u003e\u003c/p\u003e" } ], "value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-16T23:46:24.860Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "government-resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e" } ], "value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-3087", "datePublished": "2023-01-16T23:46:24.860Z", "dateReserved": "2022-09-01T18:50:35.423Z", "dateUpdated": "2024-08-03T01:00:10.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37029
Vulnerability from cvelistv5
Published
2024-06-13 17:23
Modified
2024-08-02 03:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "tellus_lite_v-simulator", "vendor": "fujielectric", "versions": [ { "lessThan": "4.0.20.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37029", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:55:22.773512Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-19T18:51:36.731Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:43:50.796Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Tellus Lite V-Simulator", "vendor": "Fuji Electric", "versions": [ { "lessThan": "4.0.20.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA." } ], "datePublic": "2024-06-13T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.\n\n" } ], "value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:23:40.591Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e" } ], "value": "Fuji Electric recommends users update to v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ." } ], "source": { "advisory": "ICSA-24-165-14", "discovery": "EXTERNAL" }, "title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2024-37029", "datePublished": "2024-06-13T17:23:40.591Z", "dateReserved": "2024-06-06T17:39:34.317Z", "dateUpdated": "2024-08-02T03:43:50.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38419
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator out of bounds write
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Fuji Electric | V-Server Lite | |
Fuji Electric | Tellus Lite V-Simulator |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "V-Server Lite", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Tellus Lite V-Simulator", "vendor": " Fuji Electric", "versions": [ { "lessThan": "4.0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "descriptions": [ { "lang": "en", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-20T20:08:50", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ], "solutions": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" }, "title": " Fuji Electric Tellus Lite V-Simulator out of bounds write", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38419", "STATE": "PUBLIC", "TITLE": " Fuji Electric Tellus Lite V-Simulator out of bounds write" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "V-Server Lite", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } }, { "product_name": "Tellus Lite V-Simulator", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.0.12.0" } ] } } ] }, "vendor_name": " Fuji Electric" } ] } }, "credit": [ { "lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01" } ] }, "solution": [ { "lang": "en", "value": "Fuji Electric recommends updating software to the latest version:\nTELLUS Lite software: Version 4.0.12.0 Disk1\nTELLUS Lite software: Version 4.0.12.0 Disk2\nV-Server Lite software: Version 4.0.12.0 Disk1\nV-Server Lite software: Version 4.0.12.0 Disk2" } ], "source": { "advisory": "ICSA-21-299-01", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38419", "datePublished": "2021-12-20T20:08:50", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }