Main Vulnerability Database SB2017081004

SB2017081004 - Multiple vulnerabilities in Fuji Electric Monitouch V-SFT

Published: August 10, 2017 Updated: August 15, 2017

Security Bulletin ID SB2017081004

Severity

High

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2017-9659)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user

Successful exploitation of the vulnerability may result in system compromise.

2) Heap-based buffer overflow (CVE-ID: CVE-2017-9660)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

3) Privilege escalation (CVE-ID: CVE-2017-9662)

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to improper access controls. A local attacker can escalate privileges on the target system.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04