Severity
High
Analysis Summary
CVE-2024-38658 CVSS:7.8
There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
CVE-2024-38389 CVSS:7.8
There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
CVE-2024-38309 CVSS:7.8
There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
Impact
- Code Execution
- Buffer Overflow
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-38658
- CVE-2024-38389
- CVE-2024-38309
Affected Vendors
Affected Products
- Fuji Electric V-Server v4.0.19.0
- Fuji Electric V-Server Lite v4.0.19.0
- Fuji Electric TELLUS v4.0.19.0
- Fuji Electric TELLUS Lite v4.0.19.0
- Fuji Electric V-SFT v6.2.2.0
Remediation
Refer to Fuji Electric Security Advisory for patch, upgrade, or suggested workaround information.