Fuji Electric released a new version to mitigate a heap-based buffer overflow in its V-Server, according to a report from CISA.

Successful exploitation of this vulnerability could crash the device being accessed. V-Server, a data collection and management service, is affected in versions 4.0.6 and prior. The issue was discovered by kimiya of 9SG, working with Trend Micro’s Zero Day Initiative.

Several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code.

CVE-2019-18240 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product sees use mainly in the critical manufacturing sector, and on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Japan-based Fuji Electric released Version to mitigate the vulnerability.
