Fuji Electric Tellus Lite V-Simulator uninitialized pointer
CVE-2021-38409

7.8HIGH

Key Information:

Vendor: Fuji Electric
Status: V-server Lite; Tellus Lite V-simulator
Vendor: CVE Published:; 20 December 2021

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2021-38409?

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.

Affected Version(s)

Tellus Lite V-Simulator < 4.0.12.0

V-Server Lite < 4.0.12.0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2021
Vulnerability Reserved
Aug 10, 2021

Credit

kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.

JSON