Published: 2023/06/02  Last Updated: 2023/06/02

JVNVU#97809354
Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader

Overview

FUJI ELECTRIC FRENIC RHC Loader contains multiple vulnerabilities.

Products Affected

  • FRENIC RHC Loader v1.1.0.3 and earlier

Description

FRENIC RHC Loader provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below.

  • Stack-based buffer overflow (CWE-121) - CVE-2023-29160
    CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Base Score: 7.8)
  • Out-of-bounds read (CWE-125) - CVE-2023-29167
    CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Base Score: 7.8)
  • Improper restriction of XML external entity reference (CWE-611) - CVE-2023-29498
    CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (Base Score: 5.5)

Impact

CVE-2023-29160, CVE-2023-29167
If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.

CVE-2023-29498
If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

  • Vendor: FUJI ELECTRIC CO., LTD.
    Link: FRENIC RHC Loader Ver 1.3.0.1 Setup

Credit

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

  • CVE: CVE-2023-29160, CVE-2023-29167, CVE-2023-29498