Severity
High
Analysis Summary
CVE-2024-5597 CVSS:7.8
Fuji Electric Monitouch V-SFT could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the parsing of V9 files. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37022 CVSS:7.8
Fuji Electric Tellus Lite V-Simulator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37029 CVSS:7.8
Fuji Electric Tellus Lite V-Simulator could allow a remote attacker to execute arbitrary code on the system, caused by an stack-based buffer overflow. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-5597
- CVE-2024-37022
- CVE-2024-37029
Affected Vendors
Affected Products
- Fuji Electric Monitouch V-SFT
- Fuji Electric Tellus Lite V-Simulator 0
Remediation
Upgrade to the latest version of Fuji Electric, available from the Fuji Electric Website.