CVE-2021-22655
First published: Wed Jan 27 2021(Updated: )
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fujielectric V-server | <4.0.10.0 | |
| Fujielectric V-simulator | <4.0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22655?
CVE-2021-22655 is a vulnerability that allows an attacker to execute arbitrary code on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0) by crafting a special project file.
What is the severity of CVE-2021-22655?
The severity of CVE-2021-22655 is high, with a CVSS score of 7.8.
What software is affected by CVE-2021-22655?
The Fujielectric V-Simulator and V-Server Lite versions prior to 4.0.10.0 are affected by CVE-2021-22655.
How can an attacker exploit CVE-2021-22655?
An attacker can exploit CVE-2021-22655 by crafting a special project file and tricking the application into processing it, which may allow them to execute arbitrary code.
Is there a fix available for CVE-2021-22655?
Yes, updating the affected software to version 4.0.10.0 or later will fix CVE-2021-22655.