Lucene search

IcscertCVE-2024-5597

HistoryJun 10, 2024 - 5:16 p.m.

CVE-2024-5597

2024-06-1017:16:35

CWE-843

icscert

web.nvd.nist.gov

fuji electric monitouch

v-sft

type confusion

vulnerability

code execution

crash

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.002

Percentile

59.3%

JSON

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.

Affected configurations

Nvd

Node

fujielectricmonitouch_v-sftRange<6.2.3.0

VendorProductVersionCPE
fujielectricmonitouch_v-sft*cpe:2.3:a:fujielectric:monitouch_v-sft:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fujielectric	monitouch_v-sft	*	cpe:2.3:a:fujielectric:monitouch_v-sft::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Monitouch V-SFT",
    "vendor": "Fuji Electric",
    "versions": [
      {
        "lessThan": "6.2.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-151-02

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.002

Percentile

59.3%

JSON

Related for CVE-2024-5597