fkie_nvd - fkie_cve-2025-50130

fkie_cve-2025-50130

Vulnerability from fkie_nvd

Published

2025-07-08 13:15

Modified

2025-07-08 16:18

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution.

References

▶	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU94011267/
	vultures@jpcert.or.jp	https://monitouch.fujielectric.com/site/download-e/03tellus_inf/Search.php
	vultures@jpcert.or.jp	https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD.\r\nOpening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en el mont\u00f3n en VS6Sim.exe, incluido en V-SFT y TELLUS, proporcionados por FUJI ELECTRIC CO., LTD. Abrir archivos V9 o X1 especialmente manipulados por un atacante en el producto afectado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2025-50130",
  "lastModified": "2025-07-08T16:18:14.207",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-08T13:15:33.710",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/vu/JVNVU94011267/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/Search.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Primary"
    }
  ]
}

CVE-2025-50130 (GCVE-0-2025-50130)

Vulnerability from cvelistv5

Published

2025-07-08 12:59

Modified

2025-07-08 13:33

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-122 - Heap-based buffer overflow

Summary

References

►

URL

Tags

	https://jvn.jp/en/vu/JVNVU94011267/
	https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php
	https://monitouch.fujielectric.com/site/download-e/03tellus_inf/Search.php

Impacted products

Vendor

Product

Version

►

FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.

V-SFT-6

Version: v6.2.5.0 and earlier

FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.

TELLUS

Version: v4.0.20.0 and earlier

Show details on NVD website