ID
VAR-201809-0153
CVE
CVE-2018-14815
TITLE
Fuji Electric V-Server Vulnerable to out-of-bounds writing
Trust: 0.8
DESCRIPTION
Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Fuji Electric V-Server Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the V-Server process. Fuji Electric V-server is Fuji Electric Co., Ltd. to collect and manage real-time field data. Real-time monitoring of the plant from a remote location to solve problems without having to visit the site. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. An integer underflow vulnerability 6. V-Server 4.0.3.0 and prior are vulnerable
Trust: 3.96
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | fuji electric | model: | v-server | scope: | - | version: | - | Trust: 1.4 |
| vendor: | fujielectric | model: | v-server | scope: | lte | version: | 4.0.3.0 | Trust: 1.0 |
| vendor: | fuji electric | model: | v-server | scope: | lte | version: | 4.0.3.0 | Trust: 0.8 |
| vendor: | fuji | model: | electric v-server vpr | scope: | lte | version: | <=4.0.3.0 | Trust: 0.6 |
| vendor: | fujielectric | model: | v-server | scope: | eq | version: | 4.0.3.0 | Trust: 0.6 |
| vendor: | fuji | model: | electric v-server | scope: | eq | version: | 4.0.3.0 | Trust: 0.3 |
| vendor: | fuji | model: | electric v-server | scope: | eq | version: | 4.0.1.0 | Trust: 0.3 |
| vendor: | fuji | model: | electric v-server | scope: | eq | version: | 4.0.0.0 | Trust: 0.3 |
| vendor: | fuji | model: | electric v-server | scope: | eq | version: | 3.3.22.0 | Trust: 0.3 |
| vendor: | fuji | model: | electric v-server | scope: | ne | version: | 4.0.4.0 | Trust: 0.3 |
| vendor: | v server | model: | - | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Buffer error
Trust: 0.8
CONFIGURATIONS
PATCH
| title: | Fuji Electric has issued an update to correct this vulnerability. | url: | https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 | Trust: 1.4 |
| title: | トップページ | url: | https://www.fujielectric.co.jp/ | Trust: 0.8 |
| title: | Fuji Electric V-Server patch for out-of-bounds write vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/142221 | Trust: 0.6 |
| title: | Fuji Electric V-Server VPR Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84846 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-14815 | Trust: 5.0 |
| db: | ICS CERT | id: | ICSA-18-254-01 | Trust: 2.8 |
| db: | BID | id: | 105341 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-201809-579 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2018-20785 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2018-010416 | Trust: 0.8 |
| db: | ZDI_CAN | id: | ZDI-CAN-5881 | Trust: 0.7 |
| db: | ZDI | id: | ZDI-18-1015 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-5882 | Trust: 0.7 |
| db: | ZDI | id: | ZDI-18-1016 | Trust: 0.7 |
| db: | IVD | id: | E2FD6941-39AB-11E9-AEED-000C29342CB1 | Trust: 0.2 |
| db: | VULHUB | id: | VHN-125012 | Trust: 0.1 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-18-254-01 | Trust: 4.2 |
| url: | http://www.securityfocus.com/bid/105341 | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14815 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-14815 | Trust: 0.8 |
| url: | http://www.fujielectric.com/ | Trust: 0.3 |
CREDITS
Steven Seeley (mr_me) of Source Incite
Trust: 1.4
SOURCES
| db: | IVD | id: | e2fd6941-39ab-11e9-aeed-000c29342cb1 |
| db: | ZDI | id: | ZDI-18-1015 |
| db: | ZDI | id: | ZDI-18-1016 |
| db: | CNVD | id: | CNVD-2018-20785 |
| db: | VULHUB | id: | VHN-125012 |
| db: | BID | id: | 105341 |
| db: | JVNDB | id: | JVNDB-2018-010416 |
| db: | CNNVD | id: | CNNVD-201809-579 |
| db: | NVD | id: | CVE-2018-14815 |
LAST UPDATE DATE
2024-11-23T21:38:24.091000+00:00
SOURCES UPDATE DATE
| db: | ZDI | id: | ZDI-18-1015 | date: | 2018-09-12T00:00:00 |
| db: | ZDI | id: | ZDI-18-1016 | date: | 2018-09-12T00:00:00 |
| db: | CNVD | id: | CNVD-2018-20785 | date: | 2018-10-12T00:00:00 |
| db: | VULHUB | id: | VHN-125012 | date: | 2018-11-16T00:00:00 |
| db: | BID | id: | 105341 | date: | 2018-09-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-010416 | date: | 2018-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201809-579 | date: | 2018-09-13T00:00:00 |
| db: | NVD | id: | CVE-2018-14815 | date: | 2024-11-21T03:49:51.263 |
SOURCES RELEASE DATE
| db: | IVD | id: | e2fd6941-39ab-11e9-aeed-000c29342cb1 | date: | 2018-10-12T00:00:00 |
| db: | ZDI | id: | ZDI-18-1015 | date: | 2018-09-12T00:00:00 |
| db: | ZDI | id: | ZDI-18-1016 | date: | 2018-09-12T00:00:00 |
| db: | CNVD | id: | CNVD-2018-20785 | date: | 2018-10-12T00:00:00 |
| db: | VULHUB | id: | VHN-125012 | date: | 2018-09-26T00:00:00 |
| db: | BID | id: | 105341 | date: | 2018-09-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-010416 | date: | 2018-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201809-579 | date: | 2018-09-13T00:00:00 |
| db: | NVD | id: | CVE-2018-14815 | date: | 2018-09-26T20:29:00.620 |