Industrial Gear at Risk from Fuji Code-Execution Bugs

2021-01-29 18:01

Industrial control software from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning.

The two make up a comprehensive human-machine interface system, used to remotely monitor and collect production data in real time, and control a variety of industrial and critical-infrastructure gear.

"Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application," CISA explained.

"Attackers could alter the data displayed on the HMI monitoring systems, so the humans monitoring the systems would be blind to an attack on the remote equipment," he explained.

Five different kinds of security vulnerabilities exist in vulnerable versions of the Fuji Electric Tellus Lite V-Simulator and V-Server Lite.

In all cases they were identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.

News URL

https://threatpost.com/industrial-gear-fuji-code-execution-bugs/163490/

#codeexecution