Lucene search

K
cve[email protected]CVE-2021-22641
HistoryJan 27, 2021 - 8:15 p.m.

CVE-2021-22641

2021-01-2720:15:13
CWE-122
CWE-787
web.nvd.nist.gov
33
4
cve-2021-22641
buffer overflow
tellus lite
v-simulator
v-server lite
security vulnerability
code execution
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.8%

A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

Affected configurations

NVD
Node
fujielectricv-serverRange<4.0.10.0lite
OR
fujielectricv-simulatorRange<4.0.10.0lite

CNA Affected

[
  {
    "product": "Tellus Lite V-Simulator and V-Server Lite",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 4.0.10.0"
      }
    ]
  }
]

Social References

More

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.8%

Related for CVE-2021-22641