Main Vulnerability Database SB2022090134

SB2022090134 - Multiple vulnerabilities in Fuji Electric D300win

Published: September 1, 2022

Security Bulletin ID SB2022090134

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-1738)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

2) Write-what-where Condition (CVE-ID: CVE-2022-1523)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a write-what-where condition. A remote attacker can overwrite program memory to manipulate the flow of information.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/icsa-22-242-05