7.8
CVE-2021-38401
- EPSS 0.92%
- Veröffentlicht 20.12.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:17:00
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginFuji Electric Tellus Lite V-Simulator untrusted pointer dereference
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fujielectric ≫ V-server SwEditionlite Version < 4.0.12.0
Fujielectric ≫ V-simulator SwEditionlite Version < 4.0.12.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.92% | 0.555 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-822 Untrusted Pointer Dereference
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01