Fujielectric: >> V-Server Security Vulnerabilities
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVSS Score
7.8
EPSS Score
0.003
Published
2021-01-27
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVSS Score
7.8
EPSS Score
0.004
Published
2021-01-27
An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVSS Score
7.8
EPSS Score
0.002
Published
2021-01-27
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-04-13
In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-11-13
Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic.
CVSS Score
7.5
EPSS Score
0.015
Published
2019-06-12
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-12
Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.013
Published
2018-09-26
Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.028
Published
2018-09-26
Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.048
Published
2018-09-26