VAR-201810-0387
Vulnerability from variot - Updated: 2023-12-18 12:43Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. FujiElectricFRENICLoader and others are inverters of Fuji Electric Corporation of Japan. An out-of-bounds read vulnerability exists in several FujiElectric products. Multiple Fuji Electric FRENIC Devices are prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information. The following products and versions are affected: Fuji Electric FRENIC Loader version 3.3; FRENIC-Mini (C1) version 7.3.4.1a; FRENIC-Mini (C2) version 7.3.4.1a; FRENIC-Eco version 7.3.4.1a; FRENIC-Multi Version 7.3.4.1a; FRENIC-MEGA Version 7.3.4.1a; FRENIC-AceA Version 7.3.4.1a
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "frenic loader 3.3",
"scope": "eq",
"trust": 1.6,
"vendor": "fujielectric",
"version": "7.3.4.1a"
},
{
"model": "electric frenic-mini 7.3.4.1a",
"scope": null,
"trust": 1.2,
"vendor": "fuji",
"version": null
},
{
"model": "electric frenic loader",
"scope": "eq",
"trust": 0.9,
"vendor": "fuji",
"version": "3.3"
},
{
"model": "frenic loader 3.3",
"scope": "eq",
"trust": 0.8,
"vendor": "fuji electric",
"version": "7.3.4.1a"
},
{
"model": "electric frenic-eco 7.3.4.1a",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "electric frenic-multi 7.3.4.1a",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "electric frenic-mega 7.3.4.1a",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "electric frenic-acea 7.3.4.1a",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "electric frenic-mini",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "0"
},
{
"model": "electric frenic-multi",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "electric frenic-mega",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "electric frenic-eco",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "electric frenic-ace",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "electric frenic loader 7.3.4.1a",
"scope": null,
"trust": 0.3,
"vendor": "fuji",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"db": "BID",
"id": "105408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujielectric:frenic_loader_3.3_firmware:7.3.4.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujielectric:frenic-ace:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:fujielectric:frenic-eco:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:fujielectric:frenic-multi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:fujielectric:frenic-mini\\(c2\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:fujielectric:frenic-mega:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:fujielectric:frenic-mini\\(c1\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Flanders and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "105408"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14798",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03311",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-124993",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-14798",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14798",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-03311",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1245",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-124993",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"db": "VULHUB",
"id": "VHN-124993"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. FujiElectricFRENICLoader and others are inverters of Fuji Electric Corporation of Japan. An out-of-bounds read vulnerability exists in several FujiElectric products. Multiple Fuji Electric FRENIC Devices are prone to multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information. The following products and versions are affected: Fuji Electric FRENIC Loader version 3.3; FRENIC-Mini (C1) version 7.3.4.1a; FRENIC-Mini (C2) version 7.3.4.1a; FRENIC-Eco version 7.3.4.1a; FRENIC-Multi Version 7.3.4.1a; FRENIC-MEGA Version 7.3.4.1a; FRENIC-AceA Version 7.3.4.1a",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"db": "BID",
"id": "105408"
},
{
"db": "VULHUB",
"id": "VHN-124993"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14798",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-270-03",
"trust": 2.8
},
{
"db": "BID",
"id": "105408",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1245",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-03311",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-124993",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"db": "VULHUB",
"id": "VHN-124993"
},
{
"db": "BID",
"id": "105408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
]
},
"id": "VAR-201810-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"db": "VULHUB",
"id": "VHN-124993"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03311"
}
]
},
"last_update_date": "2023-12-18T12:43:50.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.fujielectric.com/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124993"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"db": "NVD",
"id": "CVE-2018-14798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-03"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105408"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14798"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14798"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"db": "VULHUB",
"id": "VHN-124993"
},
{
"db": "BID",
"id": "105408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"db": "VULHUB",
"id": "VHN-124993"
},
{
"db": "BID",
"id": "105408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"date": "2018-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-124993"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105408"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"date": "2018-10-01T13:29:00.690000",
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03311"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-124993"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105408"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011278"
},
{
"date": "2019-10-09T23:35:13.843000",
"db": "NVD",
"id": "CVE-2018-14798"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric FRENIC LOADER Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1245"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…