Details of VAR-202306-0128

ID

VAR-202306-0128

CVE

CVE-2023-29167

TITLE

Made by Fuji Electric FRENIC RHC Loader Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002022

DESCRIPTION

Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. Provided by Fuji Electric Co., Ltd. FRENIC RHC Loader contains multiple vulnerabilities: * stack-based buffer overflow ( CWE-121 ) - CVE-2023-29160 It was * out-of-bounds read ( CWE-125 ) - CVE-2023-29167 It was * XML External entity reference ( XXE ) inappropriate restriction ( CWE-611 ) - CVE-2023-29498 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric in Japan for debugging and monitoring inverters, primarily serving the industrial automation sector

Trust: 2.25

sources: NVD: CVE-2023-29167 // JVNDB: JVNDB-2023-002022 // CNVD: CNVD-2025-21386 // VULMON: CVE-2023-29167

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21386

AFFECTED PRODUCTS

vendor:	fujielectric	model:	frenic rhc loader	scope:	lte	version:	1.1.0.3	Trust: 1.0
vendor:	富士電機	model:	frenic rhc loader	scope:	eq	version:	-	Trust: 0.8
vendor:	富士電機	model:	frenic rhc loader	scope:	lte	version:	v1.1.0.3 and earlier	Trust: 0.8
vendor:	fuji	model:	electric frenic rhc loader	scope:	eq	version:	v1.1.0.3	Trust: 0.6

sources: CNVD: CNVD-2025-21386 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-29167
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-29167
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-002022
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-21386
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202306-184
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21386
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-29167
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-002022
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-21386 // CNNVD: CNNVD-202306-184 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29167 // NVD: CVE-2023-29167

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8
problemtype:	XML Improper restriction of external entity references (CWE-611) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29167

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-184

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202306-184

PATCH

title:	FRENIC-RHC Loader software Ver1.3.0.1 Japanese version ( Instruction manual included )	url:	https://felib.fujielectric.co.jp/download/details.htm?dataid=46924727&site=japan&lang=ja	Trust: 0.8
title:	Patch for Fuji Electric FRENIC RHC Loader Out-of-Bounds Read Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/732161	Trust: 0.6
title:	Fuji Electric FRENIC RHC Loader Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=242473	Trust: 0.6

sources: CNVD: CNVD-2025-21386 // CNNVD: CNNVD-202306-184 // JVNDB: JVNDB-2023-002022

EXTERNAL IDS

db:	NVD	id:	CVE-2023-29167	Trust: 3.9
db:	JVN	id:	JVNVU97809354	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-002022	Trust: 2.0
db:	CNVD	id:	CNVD-2025-21386	Trust: 0.6
db:	CNNVD	id:	CNNVD-202306-184	Trust: 0.6
db:	VULMON	id:	CVE-2023-29167	Trust: 0.1

sources: CNVD: CNVD-2025-21386 // VULMON: CVE-2023-29167 // CNNVD: CNNVD-202306-184 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29167

REFERENCES

url:	https://felib.fujielectric.co.jp/download/details.htm?dataid=45829407&site=global&lang=en	Trust: 1.7
url:	https://jvn.jp/en/vu/jvnvu97809354/	Trust: 1.7
url:	https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-002022.html	Trust: 1.2
url:	https://jvn.jp/vu/jvnvu97809354/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29160	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29167	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29498	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-29167/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-21386 // VULMON: CVE-2023-29167 // CNNVD: CNNVD-202306-184 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29167

SOURCES

db:	CNVD	id:	CNVD-2025-21386
db:	VULMON	id:	CVE-2023-29167
db:	CNNVD	id:	CNNVD-202306-184
db:	JVNDB	id:	JVNDB-2023-002022
db:	NVD	id:	CVE-2023-29167

LAST UPDATE DATE

2025-10-17T23:14:24.865000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21386	date:	2025-09-17T00:00:00
db:	VULMON	id:	CVE-2023-29167	date:	2023-06-13T00:00:00
db:	CNNVD	id:	CNNVD-202306-184	date:	2023-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2023-002022	date:	2024-04-18T08:39:00
db:	NVD	id:	CVE-2023-29167	date:	2025-01-03T21:15:12.217

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21386	date:	2025-09-15T00:00:00
db:	VULMON	id:	CVE-2023-29167	date:	2023-06-13T00:00:00
db:	CNNVD	id:	CNNVD-202306-184	date:	2023-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-002022	date:	2023-06-05T00:00:00
db:	NVD	id:	CVE-2023-29167	date:	2023-06-13T10:15:10.167