Fuji Electric has new firmware to mitigate a stack-based buffer overflow in its V-Server VPR, according to an ICS-CERT report.
V-Server VPR, a data collection and management service, is affected in versions 18.104.22.168 and prior by the remotely exploitable vulnerability, which was discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative.
Successful exploitation of this vulnerability could allow a remote attacker to view sensitive information and disrupt the availability of the device.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.
The vulnerability is a stack-based buffer overflow, which may allow remote code execution.
CVE-2018-5442 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
The product is used mainly in the critical manufacturing sector and is deployed on a global basis.
Japan-based Fuji Electric produced firmware 22.214.171.124 to mitigate the issue.