Lucene search

IcscertCVELIST:CVE-2021-38419

HistoryDec 20, 2021 - 8:08 p.m.

CVE-2021-38419 Fuji Electric Tellus Lite V-Simulator out of bounds write

2021-12-2020:08:50

CWE-787

icscert

www.cve.org

fuji electric

tellus lite v-simulator

out of bounds write

vulnerable

data corruption

system crash

code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.0%

JSON

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.

CNA Affected

[
  {
    "product": "V-Server Lite",
    "vendor": " Fuji Electric",
    "versions": [
      {
        "lessThan": "4.0.12.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Tellus Lite V-Simulator",
    "vendor": " Fuji Electric",
    "versions": [
      {
        "lessThan": "4.0.12.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-21-299-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.0%

JSON

Related for CVELIST:CVE-2021-38419