JVNVU#99188133
Multiple vulnerabilities in Fuji Electric V-SFT
Overview
V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities.
Products Affected
- V-SFT versions prior to v6.1.6.0
Description
Multiple vulnerabilities listed below exist in the simulator module contained in the graphic editor "V-SFT" provided by FUJI ELECTRIC CO., LTD.
- Out-of-bounds Write (CWE-787) - CVE-2022-30538
- Out-of-bounds Read (CWE-125) - CVE-2022-30546
- Heap-based Buffer Overflow (CWE-122) - CVE-2022-26302
- Use After Free (CWE-416) - CVE-2022-29522
- Access of Uninitialized Pointer (CWE-824) - CVE-2022-29925
Impact
Exploiting these vulnerabilities by opening a specially crafted image file may result in the following impacts.
- Information disclosure
- Arbitrary code execution
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer released v6.1.6.0 which contains fixes for these vulnerabilities.
Refer to "Improvement information 2240H36" provided by the developer for more information.
Vendor Status
| Vendor | Link |
| FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. | Improvement information 2240H36 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2022-30538 |
|
CVE-2022-30546 |
|
|
CVE-2022-26302 |
|
|
CVE-2022-29522 |
|
|
CVE-2022-29925 |
|
| JVN iPedia |
|
Update History
- 2022/05/30
- Fixed the typo in the section [Description].