Fuji Electric Fixes V-Server Software

Wednesday, September 12, 2018 @ 08:09 AM gHale

Fuji Electric released new software to mitigate multiple vulnerabilities in its V-Server, according to a report from NCCIC.

The vulnerabilities are use-after-free, untrusted pointer dereference, heap-based buffer overflow, out-of-bounds write, integer underflow, out-of-bounds read, and stack-based buffer overflow.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by Steven Seeley (mr_me) of Source Incite working with Trend Micro’s Zero Day Initiative, could allow for remote code execution on the device, causing a denial of service condition or information exposure. Public exploits are available. In addition, an attacker with low skill level could leverage the vulnerabilities.

V-Server VPR, a data collection and management service, suffers from the vulnerabilities in Version 4.0.3.0 and prior.

A use-after-free vulnerability has been identified, which may allow remote code execution.

CVE-2018-14809 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

There are multiple untrusted pointer dereference vulnerabilities identified, which may allow remote code execution.

CVE-2018-14811 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

A heap-based buffer overflow vulnerability has also been identified, which may allow remote code execution.

CVE-2018-14813 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.

CVE-2018-14815 has been assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

An integer underflow vulnerability has been identified, which may allow remote code execution.

CVE-2018-14817 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

An out-of-bounds read vulnerability has been identified, which may allow remote code execution.

CVE-2018-14819 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2018-14823 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use mainly in the critical manufacturing sector and is deployed on a global basis.

Japan-based Fuji Electric released Version 4.0.4.0 of the software (login required).


