JVNVU#97809354
Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader
Overview
FUJI ELECTRIC FRENIC RHC Loader contains multiple vulnerabilities.
Products Affected
- FRENIC RHC Loader v1.1.0.3 and earlier
Description
FRENIC RHC Loader provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below.
- Stack-based buffer overflow (CWE-121) - CVE-2023-29160
  CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
- Out-of-bounds read (CWE-125) - CVE-2023-29167
  CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
- Improper restriction of XML external entity reference (CWE-611) - CVE-2023-29498
  CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score: 5.5
Impact
CVE-2023-29160, CVE-2023-29167
If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.
CVE-2023-29498
If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
FUJI ELECTRIC CO., LTD. | FRENIC RHC Loader Ver 1.3.0.1 Setup |
Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE | CVE-2023-29160, CVE-2023-29167, CVE-2023-29498 |