Fuji Electric released new firmware to mitigate a classic buffer overflow in its V-Server Lite, according to a report from NCCIC.
Successful exploitation of this vulnerability, discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative, could allow a remote attacker to view sensitive information and disrupt the availability of the device.
V-Server Lite, a data collection and management service, is affected by the remotely exploitable vulnerability in versions 188.8.131.52 and prior.
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code.
CVE-2018-10637 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.
The product is used mainly in the critical manufacturing sector and is deployed on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit the vulnerability.
Japan-based Fuji Electric produced firmware update v184.108.40.206.