JVNVU#90448293: Multiple vulnerabilities in FUJI Electric V-SFT (April 2026)

Overview

V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities.

V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below.

Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom (CWE-121)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-32925
Out-of-bounds read in VS6ComFile!load_link_inf (CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-32926
Out-of-bounds read in VS6MemInIF!set_temp_type_default (CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-32927
Stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem (CWE-121)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-32928
Out-of-bounds read in VS6ComFile!get_macro_mem_COM (CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-32929

Opening a crafted V7 file may lead to information exposure or arbitrary code execution on the affected product.

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor	Link
FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.	The improvement information on V-SFT-6 Ver.V6.2.11.0 No 2640H15

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.