JVNVU#97228144: Multiple vulnerabilities in V-SFT

Overview

V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities.

Products Affected

V-SFT-6 v6.2.5.0 and earlier

Description

V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below.

Free of Pointer not at Start of Buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function (CWE-761)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47749
Out-of-bounds Write in VS6MemInIF!set_temp_type_default function (CWE-787)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47750
Out-of-bounds Write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function (CWE-787)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47751
Out-of-bounds Write in VS6ComFile!MakeItemGlidZahyou function (CWE-787)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47752
Out-of-bounds Read in VS6EditData!CDrawSLine::GetRectArea function(CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47753
Out-of-bounds Read in VS6EditData!Conv_Macro_Data function (CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47754
Out-of-bounds Read in VS6EditData!VS4_SaveEnvFile function (CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47755
Out-of-bounds Read in VS6EditData!CGamenDataRom::set_mr400_strc function (CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47756
Out-of-bounds Read in VS6MemInIF.dll!set_plc_type_default function (CWE-125)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47757
Stack-based Buffer Overflow in VS6File!CTxSubFile::get_ProgramFile_name function (CWE-121)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47758
Stack-based Buffer Overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function (CWE-121)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47759
Stack-based Buffer Overflow in VS6MemInIF!set_temp_type_default function (CWE-121)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-47760

Impact

Opening specially crafted V7 files or V8 files may lead to the following impacts:

Affected system's abnormal end (ABEND)
Information disclosure
Arbitrary code execution

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Link
FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.	Improvement information No. 2504H25

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2025-47749
	CVE-2025-47750
	CVE-2025-47751
	CVE-2025-47752
	CVE-2025-47753
	CVE-2025-47754
	CVE-2025-47755
	CVE-2025-47756
	CVE-2025-47757
	CVE-2025-47758
	CVE-2025-47759
	CVE-2025-47760
JVN iPedia

JVNVU#97228144 Multiple vulnerabilities in V-SFT