Fuji Electric created a patch to mitigate an improper restriction of operations within the bounds of a memory buffer vulnerability in its V-Server product, according to a report with ICS-CERT.
V-Server Version 126.96.36.199 and prior, a data collection and management service, suffer from the remotely exploitable vulnerability, discovered by Ariele Caltabiano working with Trend Micro’s Zero Day Initiative.
Successful exploitation of this memory corruption vulnerability could allow an attacker to remotely execute arbitrary code.
No known public exploits specifically target this vulnerability. However, a high skill level is needed to exploit.
A memory corruption vulnerability has been identified, which may allow remote code execution.
CVE-2017-9639 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
The product sees use mainly in the critical manufacturing sector. It sees action on a global basis.
Click here for the patch Fuji Electric created.