SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-435003563] Fuji Electric V-Server VPR

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2018-02-01OtherFuji ElectricAriele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative reported the vulnerability to NCCIC.N/ACVE-2018-5442 N/AN/AN/A

Source

						
							
								
#
# Fuji Electric V-Server VPR
#


### VULNERABLE VENDOR
Fuji Electric


### VULNERABLE PRODUCT
V-Server VPR 


### RESEARCHER
Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative reported the vulnerability to NCCIC.


### AFFECTED PRODUCTS
The following versions of V-Server VPR, a data collection and management service, are affected:

V-Server VPR 4.0.1.0 and prior


### IMPACT
Successful exploitation of this vulnerability could allow a remote attacker to view sensitive information and disrupt the availability of the device.


### VULNERABILITY OVERVIEW
STACK-BASED BUFFER OVERFLOW CWE-121
The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVE-2018-5442 has been assigned to this vulnerability.
A CVSS v3 base score of 8.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)





### BACKGROUND
Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Japan




### MITIGATION

Fuji Electric has produced firmware 4.0.3.0 that can be obtained from:

https://felib.fujielectric.co.jp/download/details.htm?dataid=26385302&site=global&lang=en