CVE-2022-21168 – ICSA-22-090-03 Fuji Electric Alpha5
https://notcve.org/view.php?id=CVE-2022-21168
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. El producto afectado es vulnerable debido a una inicialización de puntero no válida, que puede conllevar a una divulgación de información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of C5V files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-03 • CWE-824: Access of Uninitialized Pointer •
CVE-2021-38401 – Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference
https://notcve.org/view.php?id=CVE-2021-38401
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un acceso de puntero no inicializado, que puede permitir a un atacante ejecutar código arbitrario y causar un bloqueo de la aplicación • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-822: Untrusted Pointer Dereference •
CVE-2021-38409 – Fuji Electric Tellus Lite V-Simulator uninitialized pointer
https://notcve.org/view.php?id=CVE-2021-38409
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un acceso de puntero no inicializado, que puede permitir a un atacante leer o escribir en ubicaciones de memoria no esperadas, conllevando a una denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-824: Access of Uninitialized Pointer •
CVE-2021-38413 – Fuji Electric Tellus Lite V-Simulator stack based buffer overflow
https://notcve.org/view.php?id=CVE-2021-38413
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un desbordamiento del búfer en la región stack de la memoria, que puede permitir a un atacante una ejecución de código This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator module. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-121: Stack-based Buffer Overflow •
CVE-2021-38415 – Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
https://notcve.org/view.php?id=CVE-2021-38415
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code. Fuji Electric V-Server Lite y Tellus Lite V-Simulator versiones anteriores a 4.0.12.0, son vulnerables a un desbordamiento del búfer en la región heap de la memoria cuando analizan un archivo de proyecto especialmente diseñado, que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files within the V-Simulator module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01 • CWE-122: Heap-based Buffer Overflow •