CVE-2022-29506
https://notcve.org/view.php?id=CVE-2022-29506
Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. Se presenta una vulnerabilidad de lectura fuera de límites en el módulo simulador contenido en el editor gráfico "V-SFT" versiones v6.1.3.0 y anteriores, que puede permitir a un atacante obtener información y/o ejecutar código arbitrario haciendo que un usuario abra un archivo de imagen especialmente diseñado • https://jvn.jp/en/vu/JVNVU93134398/index.html https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php • CWE-125: Out-of-bounds Read •
CVE-2021-38401 – Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
https://notcve.org/view.php?id=CVE-2021-38401
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un acceso de puntero no inicializado, que puede permitir a un atacante ejecutar código arbitrario y causar un bloqueo de la aplicación • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-822: Untrusted Pointer Dereference •
CVE-2021-38409 – Fuji Electric Tellus Lite V-Simulator uninitialized pointer
https://notcve.org/view.php?id=CVE-2021-38409
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un acceso de puntero no inicializado, que puede permitir a un atacante leer o escribir en ubicaciones de memoria no esperadas, conllevando a una denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-824: Access of Uninitialized Pointer •
CVE-2021-38413 – Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
https://notcve.org/view.php?id=CVE-2021-38413
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un desbordamiento del búfer en la región stack de la memoria, que puede permitir a un atacante una ejecución de código This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator module. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-121: Stack-based Buffer Overflow •
CVE-2021-38415 – Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
https://notcve.org/view.php?id=CVE-2021-38415
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un desbordamiento del búfer en la región heap de la memoria cuando analizan un archivo de proyecto especialmente diseñado, que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files within the V-Simulator module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-122: Heap-based Buffer Overflow •