Fuji Electric has released a new version that fixes a stack-based buffer overflow vulnerability in its Alpha5 Smart Loader, according to a report from CISA.
Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. Natnael Samson (@NattiSamson), working with Trend Micro’s Zero Day Initiative, reported this vulnerability.
The issue affects all versions of Alpha5 Smart Loader, a servo drive, prior to 4.2.
Multiple buffer overflow issues have been identified. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.
CVE-2019-13520 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.
The product sees use in the commercial facilities and critical manufacturing sectors, mainly in Europe and Asia.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with a low skill level could leverage the vulnerability.
Fuji Electric released Version 4.2 of the Alpha Loader software (login required).