Details of VAR-202306-0129

ID

VAR-202306-0129

CVE

CVE-2023-29160

TITLE

Made by Fuji Electric FRENIC RHC Loader Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002022

DESCRIPTION

Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. Provided by Fuji Electric Co., Ltd. FRENIC RHC Loader contains multiple vulnerabilities: * stack-based buffer overflow ( CWE-121 ) - CVE-2023-29160 It was * out-of-bounds read ( CWE-125 ) - CVE-2023-29167 It was * XML External entity reference ( XXE ) inappropriate restriction ( CWE-611 ) - CVE-2023-29498 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric in Japan for debugging and monitoring inverters, primarily serving the industrial automation sector

Trust: 2.25

sources: NVD: CVE-2023-29160 // JVNDB: JVNDB-2023-002022 // CNVD: CNVD-2025-21387 // VULMON: CVE-2023-29160

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21387

AFFECTED PRODUCTS

vendor:	fujielectric	model:	frenic rhc loader	scope:	lte	version:	1.1.0.3	Trust: 1.0
vendor:	富士電機	model:	frenic rhc loader	scope:	eq	version:	-	Trust: 0.8
vendor:	富士電機	model:	frenic rhc loader	scope:	lte	version:	v1.1.0.3 and earlier	Trust: 0.8
vendor:	fuji	model:	electric frenic rhc loader	scope:	eq	version:	v1.1.0.3	Trust: 0.6

sources: CNVD: CNVD-2025-21387 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-29160
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-29160
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-002022
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-21387
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202306-185
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21387
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-29160
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-002022
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-21387 // CNNVD: CNNVD-202306-185 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29160 // NVD: CVE-2023-29160

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8
problemtype:	XML Improper restriction of external entity references (CWE-611) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29160

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-185

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202306-185

PATCH

title:	FRENIC-RHC Loader software Ver1.3.0.1 Japanese version ( Instruction manual included )	url:	https://felib.fujielectric.co.jp/download/details.htm?dataid=46924727&site=japan&lang=ja	Trust: 0.8
title:	Patch for Fuji Electric FRENIC RHC Loader Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/732166	Trust: 0.6
title:	Fuji Electric FRENIC RHC Loader Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=242474	Trust: 0.6

sources: CNVD: CNVD-2025-21387 // CNNVD: CNNVD-202306-185 // JVNDB: JVNDB-2023-002022

EXTERNAL IDS

db:	NVD	id:	CVE-2023-29160	Trust: 3.9
db:	JVN	id:	JVNVU97809354	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-002022	Trust: 2.0
db:	CNVD	id:	CNVD-2025-21387	Trust: 0.6
db:	CNNVD	id:	CNNVD-202306-185	Trust: 0.6
db:	VULMON	id:	CVE-2023-29160	Trust: 0.1

sources: CNVD: CNVD-2025-21387 // VULMON: CVE-2023-29160 // CNNVD: CNNVD-202306-185 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29160

REFERENCES

url:	https://felib.fujielectric.co.jp/download/details.htm?dataid=45829407&site=global&lang=en	Trust: 1.7
url:	https://jvn.jp/en/vu/jvnvu97809354/	Trust: 1.7
url:	https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-002022.html	Trust: 1.2
url:	https://jvn.jp/vu/jvnvu97809354/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29160	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29167	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29498	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-29160/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-21387 // VULMON: CVE-2023-29160 // CNNVD: CNNVD-202306-185 // JVNDB: JVNDB-2023-002022 // NVD: CVE-2023-29160

SOURCES

db:	CNVD	id:	CNVD-2025-21387
db:	VULMON	id:	CVE-2023-29160
db:	CNNVD	id:	CNNVD-202306-185
db:	JVNDB	id:	JVNDB-2023-002022
db:	NVD	id:	CVE-2023-29160

LAST UPDATE DATE

2025-10-17T23:14:24.926000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21387	date:	2025-09-17T00:00:00
db:	VULMON	id:	CVE-2023-29160	date:	2023-06-13T00:00:00
db:	CNNVD	id:	CNNVD-202306-185	date:	2023-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2023-002022	date:	2024-04-18T08:39:00
db:	NVD	id:	CVE-2023-29160	date:	2025-01-03T21:15:11.997

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21387	date:	2025-09-15T00:00:00
db:	VULMON	id:	CVE-2023-29160	date:	2023-06-13T00:00:00
db:	CNNVD	id:	CNNVD-202306-185	date:	2023-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-002022	date:	2023-06-05T00:00:00
db:	NVD	id:	CVE-2023-29160	date:	2023-06-13T10:15:10.123