CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-22641 – Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22641
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). Se ha identificado un problema de desbordamiento del búfer en la región heap de la memoria en la manera en que la aplicación procesa archivos de proyecto, permitiendo a un atacante diseñar un archivo de proyecto especial que puede permitir una ejecución de código arbitraria en el Tellus Lite V-Simulator y V-Server Lite (versiones anteriores a 4.0.10.0) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01 https://www.zerodayinitiative.com/advisories/ZDI-21-099 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22653
https://notcve.org/view.php?id=CVE-2021-22653
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). Se han identificado múltiples problemas de escritura fuera de límites en la manera en que la aplicación procesa archivos de proyecto, permitiendo a un atacante diseñar un archivo de proyecto especial que puede permitir una ejecución de código arbitraria en el Tellus Lite V-Simulator y V-Server Lite (versiones anteriores a 4.0.10.0) • https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25171 – Fuji Electric V-Server Lite
https://notcve.org/view.php?id=CVE-2020-25171
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Las versiones afectadas de Fuji Electric V-Server Lite anteriores a 3.3.24.0, son vulnerables a una escritura fuera de límites, lo que puede permitir a un atacante ejecutar código arbitrario remotamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10646 – Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10646
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. Fuji Electric V-Server Lite todas las versiones anteriores a 4.0.9.0, contiene un desbordamiento de búfer en la región heap de la memoria. El búfer asignado para leer datos, cuando se analizan archivos VPR, es muy pequeño. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. • https://www.us-cert.gov/ics/advisories/icsa-20-098-04 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2019-18240 – Fuji Electric V-Server VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-18240
In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. En Fuji Electric V-Server versión 4.0.6 y anteriores, se han identificado varios desbordamientos de búfer en la región heap de la memoria, lo que puede permitir a un atacante ejecutar código arbitrario remotamente. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. • https://www.us-cert.gov/ics/advisories/icsa-19-311-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •