Fuji Electric released new firmware to mitigate a classic buffer overflow in its V-Server Lite, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative, could allow a remote attacker to view sensitive information and disrupt the availability of the device.

V-Server Lite, a data collection and management service, is affected by the remotely exploitable vulnerability in versions 4.0.3.0 and prior.

A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code.

CVE-2018-10637 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product is used mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Japan-based Fuji Electric produced firmware update v4.0.4.0.
