Fuji Electric Clears V-Server Lite Hole

Wednesday, September 12, 2018 @ 08:09 AM gHale

Fuji Electric released new firmware to mitigate a classic buffer overflow in its V-Server Lite, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative, could allow a remote attacker to view sensitive information and disrupt the availability of the device.

V-Server Lite, a data collection and management service, is affected in versions 4.0.3.0 and prior. The vulnerability is remotely exploitable.

A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code.

CVE-2018-10637 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product is used mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Japan-based Fuji Electric produced firmware update v4.0.4.0.


