Lucene search

IcscertCVE-2024-5271

HistoryMay 30, 2024 - 8:15 p.m.

CVE-2024-5271

2024-05-3020:15:09

CWE-787

icscert

web.nvd.nist.gov

cve-2024-5271

type confusion

arbitrary code execution

nvd

security vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.001

Percentile

32.5%

JSON

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a
type confusion, which could result in arbitrary code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Monitouch V-SFT",
    "vendor": "Fuji Electric",
    "versions": [
      {
        "lessThan": "6.2.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-151-02

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.001

Percentile

32.5%

JSON

Related for CVE-2024-5271