All the vulnerabilites related to FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. - V-SFT
cve-2024-38309
Vulnerability from cvelistv5
Published
2024-11-28 02:10
Modified
2024-11-29 20:52
Summary
There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
Impacted products
Vendor Product Version
FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. TELLUS Version: v4.0.19.0 and earlier
FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. TELLUS Lite Version: v4.0.19.0 and earlier
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "v-sft",
                  vendor: "fujielectric",
                  versions: [
                     {
                        lessThanOrEqual: "6.2.2.0",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "tellus",
                  vendor: "fujielectric",
                  versions: [
                     {
                        lessThanOrEqual: "4.0.19.0",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "tellus_lite",
                  vendor: "fujielectric",
                  versions: [
                     {
                        lessThanOrEqual: "4.0.19.0",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "LOCAL",
                     availabilityImpact: "HIGH",
                     baseScore: 7.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-38309",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T20:52:06.033925Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T20:52:09.295Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "V-SFT",
               vendor: "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "v6.2.2.0 and earlier",
                  },
               ],
            },
            {
               product: "TELLUS",
               vendor: "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "v4.0.19.0 and earlier",
                  },
               ],
            },
            {
               product: "TELLUS Lite",
               vendor: "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "v4.0.19.0 and earlier",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier).\r\nIf a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "Stack-based buffer overflow",
                     lang: "en-US",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-28T02:10:32.213Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
            },
            {
               url: "https://jvn.jp/en/vu/JVNVU97531313/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-38309",
      datePublished: "2024-11-28T02:10:32.213Z",
      dateReserved: "2024-06-19T15:02:02.236Z",
      dateUpdated: "2024-11-29T20:52:09.295Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}