With the help of vulnerabilities, an attacker can execute arbitrary code or cause a denial of service.
Fuji Electric V-Server software from Fuji Electric found a number of vulnerabilities that allow executing arbitrary code. The tool provides organizations with the ability to access programmable logic controllers from computers located in the corporate network. The systems are communicated via the Monitouch operator panel used to monitor the operation of the PLC.
Fuji Electric V-Server contains a total of seven vulnerabilities, including those associated with buffer overflow, with which the attacker can execute arbitrary code, cause a malfunction in the device or reveal important information.
A serious vulnerability was found in another Fuji Electric product – V-Server Lite. CVE-2018-10637 is a buffer overflow vulnerability, and, as in the previous case, allows executing malicious code, disabling devices or provoking data leakage.
The manufacturer has fixed the above mentioned vulnerabilities with the release of versions of Fuji Electric V-Server 220.127.116.11 and Fuji Electric V-Server Lite 18.104.22.168.