Alpha5 Smart Loader Firmware
CVE-2018-14794
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.
AnalysisAI
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-122. Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer. Affected products include: Fujielectric Alpha5 Smart Loader Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Alpha5 Smart Loader Firmware
View allThe affected product is vulnerable to an out-of-bounds read, which may result in code execution. Rated high severity (CV
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary co
The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. Rated high severit
Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. Rated high sever
The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. Ra
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. R
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remote
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today