ID

VAR-202411-1628


CVE

CVE-2024-38658


TITLE

Multiple vulnerabilities in multiple Fuji Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2024-013702

DESCRIPTION

There is an out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

The remote monitoring software TELLUS and TELLUS Lite, the Simulator module of the display drawing software V-SFT, and the remote monitoring software V-Server and V-Server Lite, provided by Fuji Electric Co., Ltd., contain multiple vulnerabilities:

* V-SFT, TELLUS, TELLUS Lite: multiple stack-based buffer overflows (CWE-121) - CVE-2024-38309
* TELLUS, TELLUS Lite: out-of-bounds read (CWE-125) - CVE-2024-38389
* V-Server, V-Server Lite: out-of-bounds read (CWE-125) - CVE-2024-38658

This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer.

Fuji Electric V-Server and Fuji Electric V-Server Lite are both products of Fuji Electric Corporation of Japan. The software can collect information from devices such as PLCs, temperature controllers, inverters, etc. Fuji Electric V-Server and Fuji Electric V-Server Lite have an out-of-bounds read vulnerability, which attackers can exploit to cause information leakage or execute arbitrary code.

Trust: 2.16

sources: NVD: CVE-2024-38658 // JVNDB: JVNDB-2024-013702 // CNVD: CNVD-2025-16530

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16530

AFFECTED PRODUCTS

vendor: 富士電機
model: v-sft
scope: lte
version: v6.2.2.0 and earlier (cve-2024-38309)

Trust: 0.8

vendor: 富士電機
model: v-server lite
scope: -
version: -

Trust: 0.8

vendor: 富士電機
model: tellus
scope: -
version: -

Trust: 0.8

vendor: 富士電機
model: v-server
scope: -
version: -

Trust: 0.8

vendor: 富士電機
model: tellus lite
scope: -
version: -

Trust: 0.8

vendor: fujielectric
model: fuji electric v-server
scope: lte
version: <=v4.0.19.0

Trust: 0.6

vendor: fuji
model: electric fuji electric v-server lite
scope: lte
version: <=v4.0.19.0

Trust: 0.6

sources: CNVD: CNVD-2025-16530 // JVNDB: JVNDB-2024-013702

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-38658
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-013702
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-16530
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-16530
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-38658
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-013702
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-16530 // JVNDB: JVNDB-2024-013702 // NVD: CVE-2024-38658

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds read (CWE-125) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013702 // NVD: CVE-2024-38658

PATCH

title: TELLUS and V-Server Improvement information version 4.0.20.0 (2450Q01, 2450Q02, 2450S03)
url: https://hakko-elec.co.jp/site/download/03tellus_inf/index.php

Trust: 0.8

title: Patch for Fuji Electric V-Server/V-Server Lite Out-of-Bounds Read Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/710766

Trust: 0.6

sources: CNVD: CNVD-2025-16530 // JVNDB: JVNDB-2024-013702

EXTERNAL IDS

db: NVD
id: CVE-2024-38658

Trust: 2.4

db: JVN
id: JVNVU97531313

Trust: 2.4

db: JVNDB
id: JVNDB-2024-013702

Trust: 0.8

db: CNVD
id: CNVD-2025-16530

Trust: 0.6

sources: CNVD: CNVD-2025-16530 // JVNDB: JVNDB-2024-013702 // NVD: CVE-2024-38658

REFERENCES

url:https://jvn.jp/en/vu/jvnvu97531313/

Trust: 1.6

url:https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php

Trust: 1.0

url:https://jvn.jp/vu/jvnvu97531313/index.html

Trust: 0.8

sources: CNVD: CNVD-2025-16530 // JVNDB: JVNDB-2024-013702 // NVD: CVE-2024-38658

SOURCES

db: CNVD, id: CNVD-2025-16530
db: JVNDB, id: JVNDB-2024-013702
db: NVD, id: CVE-2024-38658

LAST UPDATE DATE

2025-07-28T23:22:16.036000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-16530, date: 2025-07-21T00:00:00
db: JVNDB, id: JVNDB-2024-013702, date: 2024-11-29T03:36:00
db: NVD, id: CVE-2024-38658, date: 2024-11-29T21:15:05.633

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-16530, date: 2025-07-21T00:00:00
db: JVNDB, id: JVNDB-2024-013702, date: 2024-11-29T00:00:00
db: NVD, id: CVE-2024-38658, date: 2024-11-28T03:15:16.237