New Firmware for Fuji V-Server VPR

Thursday, February 1, 2018 @ 03:02 PM gHale


Fuji Electric has new firmware to mitigate a stack-based buffer overflow in its V-Server VPR, according to a report with ICS-CERT.

A data collection and management service, V-Server VPR 4.0.1.0 and prior suffer from the remotely exploitable vulnerability discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative.

RELATED STORIES
3S-Smart Software Patch Ready
Gemalto Sentinel License Manager
Siemens Clears TeleControl Holes
Phoenix Contact Clears mGuard Hole

Successful exploitation of this vulnerability could allow a remote attacker to view sensitive information and disrupt the availability of the device.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2018-5442 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

The product sees use mainly in the critical manufacturing sector. It sees action on a global basis.

Japan-based Fuji Electric produced firmware 4.0.3.0 to mitigate the issue.



Leave a Reply

You must be logged in to post a comment.