JVNVU#97809354
Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader

Overview

FUJI ELECTRIC FRENIC RHC Loader contains multiple vulnerabilities.

Products Affected

• FRENIC RHC Loader v1.1.0.3 and earlier

Description

FRENIC RHC Loader provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below.

• Stack-based buffer overflow (CWE-121) - CVE-2023-29160

  CVSS v3

  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

  Base Score: 7.8

• Out-of-bounds read (CWE-125) - CVE-2023-29167

  CVSS v3

  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

  Base Score: 7.8

• Improper restriction of XML external entity reference (CWE-611) - CVE-2023-29498

  CVSS v3

  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

  Base Score: 5.5

Impact

CVE-2023-29160, CVE-2023-29167
If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.

CVE-2023-29498
If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.