Fuji Electric V-SFT Out-of-Bounds Read Vulnerability Allowing Information Disclosure, System Crash, and Arbitrary Code Execution

Vulnerability

An out-of-bounds read vulnerability has been identified in Fuji Electric's V-SFT software, version 6.2.7.0 and earlier. The flaw resides in the 'VS6ComFile!CSaveData::delete_mem' function. Opening a specially crafted V-SFT file can trigger it, potentially leading to unauthorized information disclosure, an abnormal system termination (ABEND), and arbitrary code execution.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure, an abnormal system termination (ABEND), and arbitrary code execution.

Remediation

Users are advised to update the software to the latest version. Improvement information for V-SFT version 6 is available on the Fuji Electric Monitouch website.

Added: Oct 10, 2025, 11:18 AM
Updated: Oct 10, 2025, 11:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.