Fuji Electric V-Server

Plan Patch7.3ICS-CERT ICSA-18-254-01Sep 11, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

V-Server versions 4.0.3.0 and prior contain multiple memory corruption vulnerabilities (use-after-free, buffer overflow, integer underflow) that allow unauthenticated remote code execution. Successful exploitation could result in arbitrary command execution on the device, denial of service, or information exposure of facility monitoring data. The vulnerabilities are triggered through malformed network requests to V-Server's service port and do not require authentication or user interaction.

What this means

What could happen

An attacker who reaches V-Server could run arbitrary code on it, potentially stopping monitoring and data collection for critical equipment or extracting sensitive process information. This could blind operators to facility conditions or disrupt the visibility needed to detect other problems.

Who's at risk

Energy utilities and any facility using Fuji Electric V-Server 4.0.3.0 or earlier for centralized monitoring and data collection of industrial equipment. This includes electric generation plants, substations, and distribution control centers where V-Server provides real-time visibility into grid or process operations.

How it could be exploited

An attacker on the network sends a crafted request to V-Server on its service port. V-Server processes the malformed input, triggering a memory corruption bug (use-after-free, buffer overflow, or integer underflow). This allows the attacker to overwrite memory and execute arbitrary commands with V-Server's privilege level.

Prerequisites

Network reachability to V-Server service port
No authentication required
V-Server version 4.0.3.0 or earlier

remotely exploitableno authentication requiredlow complexityhigh CVSS (7.3)affects monitoring and control visibility

Exploitability

Moderate exploit probability (EPSS 4.7%)

Affected products (1)

ProductAffected VersionsFix Status

V-Server: 4.0.3.0 and prior≤ 4.0.3.04.0.4.0

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGPlace V-Server behind a firewall and restrict network access to only authorized engineering workstations and monitoring systems

HARDENINGIsolate the V-Server and its connected control system network from the business network to prevent lateral movement

HARDENINGIf remote access to V-Server is required, use a VPN with current patches and require strong authentication

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade V-Server to version 4.0.4.0 or later from the Fuji Electric support portal (login required)

CVEs (7)

CVE-2018-14809 CVE-2018-14811 CVE-2018-14813 CVE-2018-14815 CVE-2018-14817 CVE-2018-14819 CVE-2018-14823

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0c4577db-28ba-4729-acbd-4d2ab5e230aa