CVE-2021-38401
published 2021-12-20CVE-2021-38401: Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to…
PriorityP337high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.92%
55.8th percentile
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fuji_electric | tellus_lite_v-simulator | >= unspecified < 4.0.12.0 | 4.0.12.0 |
| fuji_electric | v-server_lite | >= unspecified < 4.0.12.0 | 4.0.12.0 |
| fujielectric | v-server | < 4.0.12.0 | 4.0.12.0 |
| fujielectric | v-simulator | < 4.0.12.0 | 4.0.12.0 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Fuji Electric Tellus Lite V-Simulator and V-Server Lite
cisa_ics·2021-10-28·CVSS 7.8
[HIGH] Fuji Electric Tellus Lite V-Simulator and V-Server Lite
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Fuji Electric Tellus Lite V-Simulator and V-Server Lite
Last RevisedOctober 28, 2021
Alert CodeICSA-21-299-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Fuji Electric
- Equipment: Tellus Lite V-Simulator, and V-Server Lite
- Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer, Heap-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause data corruption, read sensitive
GHSA
GHSA-vh53-pj8h-4mgx: Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4
ghsa_unreviewed·2021-12-21
CVE-2021-38401 [HIGH] CWE-822 GHSA-vh53-pj8h-4mgx: Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-12-20
Published