Fuji Electric has new firmware to mitigate a stack-based buffer overflow in its V-Server VPR, according to a report with ICS-CERT.

A data collection and management service, V-Server VPR and prior suffer from the remotely exploitable vulnerability discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative.

3S-Smart Software Patch Ready
Gemalto Sentinel License Manager
Siemens Clears TeleControl Holes
Phoenix Contact Clears mGuard Hole

Successful exploitation of this vulnerability could allow a remote attacker to view sensitive information and disrupt the availability of the device.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Schneider Bold

The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2018-5442 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

The product sees use mainly in the critical manufacturing sector. It sees action on a global basis.

Japan-based Fuji Electric produced firmware to mitigate the issue.

Pin It on Pinterest

Share This