Fuji Electric Fixes Energy Savings Estimator

Wednesday, October 10, 2018 @ 01:10 PM gHale

Fuji Electric has new software to mitigate an uncontrolled search path element in its Fuji Electric Energy Savings Estimator, according to a report with NCCIC.

Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected system with the same privileges as the application that loaded the malicious DLL.

RELATED STORIES
Siemens Clears ROX II Vulnerabilities
New Firmware Fixes SCALANCE W1750D
Siemens Fixes SIMATIC S7-1200 CPU Family
Siemens Clears SIMATIC Holes

A software management platform, Fuji Electric Energy Savings Estimator Versions V.1.0.2.0 and prior suffer from the vulnerability, discovered by researcher Karn Ganeshen.

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.

CVE-2018-14812 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use mainly in the critical manufacturing sector, and on a global basis.

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely and a high skill level is needed to exploit.

Fuji Electric released Version V.1.0.2.1 of the software.



Leave a Reply

You must be logged in to post a comment.