CVE-2017-9659 – Fuji Electric Monitouch V-SFT Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-9659
A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Se ha descubierto un problema de desbordamiento de búfer basado en pila en Fuji Electric Monitouch V-SFT en las versiones anteriores a la 5.4.43.0. Se ha identificado una vulnerabilidad de desbordamiento de búfer basado en pila, lo que podría provocar un bloqueo o permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Monitouch V-SFT. • http://www.securityfocus.com/bid/100265 http://www.zerodayinitiative.com/advisories/ZDI-17-643 http://www.zerodayinitiative.com/advisories/ZDI-17-644 https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-9660 – Fuji Electric Monitouch V-SFT Project File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-9660
A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Se ha descubierto un problema de desbordamiento de búfer basado en memoria dinámica en Fuji Electric Monitouch V-SFT en las versiones anteriores a la 5.4.43.0. Se ha identificado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica, lo que podría provocar un bloqueo o permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Monitouch V-SFT. • http://www.securityfocus.com/bid/100265 http://www.zerodayinitiative.com/advisories/ZDI-17-645 https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-9662 – Fuji Electric Monitouch V-SFT Insecure Configuration Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-9662
An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. Se ha descubierto un problema de gestión incorrecta de privilegios en Fuji Electric Monitouch V-SFT en las versiones anteriores a la 5.4.43.0. Monitouch V-SFT se instala en un directorio con controles de acceso por defecto débiles, lo que podría permitir que un atacante autenticado con acceso local escale privilegios. This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. • http://www.securityfocus.com/bid/100268 http://www.zerodayinitiative.com/advisories/ZDI-17-646 https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04 • CWE-269: Improper Privilege Management •