Fuji Electric has a software update to mitigate an out of bounds read vulnerability in its Alpha7 PC Loader, according to a report with NCCIC.
Successful exploitation of this vulnerability could crash the device. kimiya of 9SG Security Team, working with Trend Micro Zero Day Initiative, discovered the vulnerability.
Schneider Mitigations for Modicon Controllers
Omron Working on Network Configurator for DeviceNet Fix
Siemens Fixes NXG I, NXG II Drives
SIMATIC PCS 7, WinCC, TIA Portal Security Updates Ready
An attacker with low skill level could leverage the vulnerability.
A motor controller, Alpha7 PC Loader Versions 1.1 and prior suffer from the vulnerability.
In the vulnerability, an out-of-bounds read issue has been identified, which may crash the system.
CVE-2019-10975 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.3.
The product sees use mainly in the critical manufacturing sector. It also sees action on a global basis.
Japan-based Fuji Electric has released Version 1.2 of the software.