CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13512 – Fuji Electric FRENIC Loader FN1 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-13512
Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. Fuji Electric FRENIC Loader versión 3.5.0.0 y anteriores, es susceptible a una vulnerabilidad de lectura fuera de límites, lo que puede permitir a un atacante leer información limitada desde el dispositivo. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric FRENIC Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FN1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://www.us-cert.gov/ics/advisories/icsa-19-213-02 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3947
https://notcve.org/view.php?id=CVE-2019-3947
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server anterior 6.0.33.0 almacena credenciales en archivos de proyecto como plaintext un atacante que puede obtener accesos para los archivos de proyecto puede recuperar las credenciales de bases de datos y conseguir acceso a la base de datos del servidor • http://www.securityfocus.com/bid/108740 https://www.tenable.com/security/research/tra-2019-27 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3946
https://notcve.org/view.php?id=CVE-2019-3946
Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. El Fuji Electric V-Server anterior a versión 6.0.33.0, es vulnerable a la denegación de servicio por medio de un mensaje UDP creado en el puerto 8005. Un atacante remoto no identificado puede bloquear el archivo vserver.exe debido a un desbordamiento de enteros en la lógica de manejo de mensajes UDP. • http://www.securityfocus.com/bid/108740 https://www.tenable.com/security/research/tra-2019-27 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10975 – Fuji Electric Alpha7 PC Loader A7P File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10975
An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system. Una vulnerabilidad de lectura fuera de los límites ha sido identificada en Alpha7 PC Loader versiones 1.1 y anteriores de Fuji Electric, lo que puede bloquear el sistema. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Alpha7. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of A7P files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://www.securityfocus.com/bid/108359 https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1&site=global&lang=en&documentGroup=software https://www.us-cert.gov/ics/advisories/ICSA-19-136-02%2C https://www.zerodayinitiative.com/advisories/ZDI-19-517 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14812
https://notcve.org/view.php?id=CVE-2018-14812
An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. Se ha identificado una vulnerabilidad de elemento de búsqueda no controlado (secuestro de DLL) en Fuji Electric Energy Savings Estimator en versiones V.1.0.2.0 y anteriores. La explotación de esta vulnerabilidad podría otorgar al atacante acceso al sistema con el mismo nivel de privilegios que la aplicación que emplea el DLL malicioso. • http://www.securityfocus.com/bid/105543 https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07 • CWE-427: Uncontrolled Search Path Element •