Fuji Mitigates Electric V-Server Issue

Tuesday, July 11, 2017 @ 04:07 PM gHale


Fuji Electric created a patch to mitigate an improper restriction of operations within the bounds of a memory buffer vulnerability in its V-Server product, according to a report with ICS-CERT.

V-Server Version 3.3.22.0 and prior, a data collection and management service, suffer from the remotely exploitable vulnerability, discovered by Ariele Caltabiano working with Trend Micro’s Zero Day Initiative.

RELATED STORIES
ABB Clears WiFi Logger Card Hole
Fix is in for PI Coresight
OSIsoft Fixes PI ProcessBook, PI ActiveView
Schweitzer Clears Hole in Gateways

Successful exploitation of this memory corruption vulnerability could allow an attacker to remotely execute arbitrary code.

No known public exploits specifically target this vulnerability. However, a high skill level is needed to exploit.

A memory corruption vulnerability has been identified, which may allow remote code execution.

CVE-2017-9639 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use mainly in the critical manufacturing sector. It sees action on a global basis.

Click here for the patch Fuji Electric created.



Leave a Reply

You must be logged in to post a comment.