Primary

Context

Fuji Electric V-SFT and TELLUS Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A heap-based buffer overflow vulnerability has been identified in VS6Sim.exe, part of the V-SFT and TELLUS software suites from Fuji Electric. This vulnerability affects V-SFT versions through 6.2.5.0 and TELLUS versions through 4.0.20.0. The issue arises when V9 or X1 files, crafted by an attacker, are opened in the affected software, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the affected system.

Remediation

Users are advised to update to the latest version of the software. For V-SFT, the corrected version is 6.2.7.0. For TELLUS, the corrected version is 4.0.23.0.

Added: Jul 8, 2025, 1:22 PM

Updated: Jul 8, 2025, 1:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fuji Electric V-SFT and TELLUS Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Fuji Electric TELLUS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating