Vulnerabilites related to fujielectric - v-sft
cve-2022-29506
Vulnerability from cvelistv5
Published
2022-06-14 07:05
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php | x_refsource_MISC | |
| https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU93134398/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. | V-SFT |
Version: v6.1.3.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93134398/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-SFT",
"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v6.1.3.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor \u0027V-SFT\u0027 v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU93134398/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-SFT",
"version": {
"version_data": [
{
"version_value": "v6.1.3.0 and earlier"
}
]
}
}
]
},
"vendor_name": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor \u0027V-SFT\u0027 v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php",
"refsource": "MISC",
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"name": "https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php",
"refsource": "MISC",
"url": "https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php"
},
{
"name": "https://jvn.jp/en/vu/JVNVU93134398/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU93134398/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29506",
"datePublished": "2022-06-14T07:05:41",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29925
Vulnerability from cvelistv5
Published
2022-06-14 07:05
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU99188133/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. | V-SFT |
Version: versions prior to v6.1.6.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-SFT",
"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.1.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Access of Uninitialized Pointer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:47",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-SFT",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.1.6.0"
}
]
}
}
]
},
"vendor_name": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php",
"refsource": "MISC",
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"name": "https://jvn.jp/en/vu/JVNVU99188133/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29925",
"datePublished": "2022-06-14T07:05:47",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29522
Vulnerability from cvelistv5
Published
2022-06-14 07:05
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU99188133/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. | V-SFT |
Version: versions prior to v6.1.6.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-SFT",
"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.1.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-SFT",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.1.6.0"
}
]
}
}
]
},
"vendor_name": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php",
"refsource": "MISC",
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"name": "https://jvn.jp/en/vu/JVNVU99188133/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29522",
"datePublished": "2022-06-14T07:05:44",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43448
Vulnerability from cvelistv5
Published
2023-01-03 00:00
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-SFT and TELLUS |
Version: V-SFT v6.1.7.0 and earlier, and TELLUS v4.0.12.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-SFT and TELLUS",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V-SFT v6.1.7.0 and earlier, and TELLUS v4.0.12.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43448",
"datePublished": "2023-01-03T00:00:00",
"dateReserved": "2022-12-26T00:00:00",
"dateUpdated": "2024-08-03T13:32:58.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-46360
Vulnerability from cvelistv5
Published
2023-01-03 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. | V-SFT and TELLUS |
Version: V-SFT v6.1.7.0 and earlier, and TELLUS v4.0.12.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-SFT and TELLUS",
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V-SFT v6.1.7.0 and earlier, and TELLUS v4.0.12.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-46360",
"datePublished": "2023-01-03T00:00:00",
"dateReserved": "2022-12-26T00:00:00",
"dateUpdated": "2024-08-03T14:31:46.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26302
Vulnerability from cvelistv5
Published
2022-06-14 07:05
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU99188133/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. | V-SFT |
Version: versions prior to v6.1.6.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V-SFT",
"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.1.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:34",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-SFT",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.1.6.0"
}
]
}
}
]
},
"vendor_name": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php",
"refsource": "MISC",
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"name": "https://jvn.jp/en/vu/JVNVU99188133/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26302",
"datePublished": "2022-06-14T07:05:34",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-06-14 09:15
Modified
2024-11-21 06:53
Severity ?
Summary
Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | v-sft | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B104291-BD53-441A-8F0C-4FD67998B280",
"versionEndExcluding": "6.1.6.0",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
},
{
"lang": "es",
"value": "Se presenta un desbordamiento de b\u00fafer en la Regi\u00f3n Heap de la Memoria en el m\u00f3dulo simulador contenido en las versiones del editor gr\u00e1fico \"V-SFT\" versiones anteriores a v6.1.6.0, que puede permitir a un atacante obtener informaci\u00f3n y/o ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de imagen especialmente dise\u00f1ado"
}
],
"id": "CVE-2022-26302",
"lastModified": "2024-11-21T06:53:43.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T09:15:09.370",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-03 03:15
Modified
2024-11-21 07:26
Severity ?
Summary
Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU90679513/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU90679513/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus | * | |
| fujielectric | v-sft | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54E057F2-9599-4F82-AA14-1E8D245E329D",
"versionEndExcluding": "4.0.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31F894B3-5C8D-4DCE-AB0C-216931A1E1A8",
"versionEndExcluding": "6.1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file."
},
{
"lang": "es",
"value": "Vulnerabilidad de escritura fuera de los l\u00edmites en V-SFT v6.1.7.0 y anteriores y TELLUS v4.0.12.0 y anteriores permite a un atacante local obtener informaci\u00f3n y/o ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo especialmente manipulado archivo de imagen."
}
],
"id": "CVE-2022-43448",
"lastModified": "2024-11-21T07:26:30.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-03T03:15:10.347",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 09:15
Modified
2024-11-21 06:59
Severity ?
Summary
Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU93134398/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php | Release Notes, Vendor Advisory | |
| vultures@jpcert.or.jp | https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU93134398/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | v-server | * | |
| fujielectric | v-server | * | |
| fujielectric | v-sft | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8DEBCE19-6F6B-4759-94CD-28BC07DE44BB",
"versionEndExcluding": "4.0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "5CD30EBE-44A0-4DBC-A0C5-23BBC1D6B4FF",
"versionEndExcluding": "4.0.13.0a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6341937E-A481-4A09-9432-3278A4EA08FD",
"versionEndExcluding": "6.1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor \u0027V-SFT\u0027 v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en el m\u00f3dulo simulador contenido en el editor gr\u00e1fico \"V-SFT\" versiones v6.1.3.0 y anteriores, que puede permitir a un atacante obtener informaci\u00f3n y/o ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de imagen especialmente dise\u00f1ado"
}
],
"id": "CVE-2022-29506",
"lastModified": "2024-11-21T06:59:12.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T09:15:09.573",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU93134398/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU93134398/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 09:15
Modified
2024-11-21 06:59
Severity ?
Summary
Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | v-sft | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6341937E-A481-4A09-9432-3278A4EA08FD",
"versionEndExcluding": "6.1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de acceso de puntero no inicializado en el m\u00f3dulo simulador contenido en el editor gr\u00e1fico \"V-SFT\" de versiones anteriores a la v6.1.6.0, que puede permitir a un atacante obtener informaci\u00f3n y/o ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de imagen especialmente dise\u00f1ado"
}
],
"id": "CVE-2022-29925",
"lastModified": "2024-11-21T06:59:58.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T09:15:09.743",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 09:15
Modified
2024-11-21 06:59
Severity ?
Summary
Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | v-server | * | |
| fujielectric | v-server | * | |
| fujielectric | v-sft | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8DEBCE19-6F6B-4759-94CD-28BC07DE44BB",
"versionEndExcluding": "4.0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "5CD30EBE-44A0-4DBC-A0C5-23BBC1D6B4FF",
"versionEndExcluding": "4.0.13.0a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6341937E-A481-4A09-9432-3278A4EA08FD",
"versionEndExcluding": "6.1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de uso de memoria previamente liberada en el m\u00f3dulo simulador contenido en el editor gr\u00e1fico \"V-SFT\" versiones anteriores a v6.1.6.0, que puede permitir a un atacante obtener informaci\u00f3n y/o ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de imagen especialmente dise\u00f1ado"
}
],
"id": "CVE-2022-29522",
"lastModified": "2024-11-21T06:59:15.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T09:15:09.657",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-03 03:15
Modified
2024-11-21 07:30
Severity ?
Summary
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU90679513/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU90679513/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus | * | |
| fujielectric | v-sft | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54E057F2-9599-4F82-AA14-1E8D245E329D",
"versionEndExcluding": "4.0.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31F894B3-5C8D-4DCE-AB0C-216931A1E1A8",
"versionEndExcluding": "6.1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en V-SFT v6.1.7.0 y anteriores y TELLUS v4.0.12.0 y anteriores permite a un atacante local obtener informaci\u00f3n y/o ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo especialmente manipulado archivo de imagen."
}
],
"id": "CVE-2022-46360",
"lastModified": "2024-11-21T07:30:27.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-03T03:15:10.807",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU90679513/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}