Fuji Electric Tellus Lite V-Simulator heap based buffer overflow
CVE-2021-38415

7.8HIGH

Key Information:

Vendor: Fuji Electric
Status: V-server Lite; Tellus Lite V-simulator
Vendor: CVE Published:; 20 December 2021

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2021-38415?

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.

Affected Version(s)

Tellus Lite V-Simulator < 4.0.12.0

V-Server Lite < 4.0.12.0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2021
Vulnerability Reserved
Aug 10, 2021

Credit

kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl reported these vulnerabilities to CISA.

JSON