Skip to main content

V Sft

9 CVEs product

Monthly

CVE-2026-32929 HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to disclose sensitive information and potentially achieve code execution when processing maliciously crafted V7 files. The vulnerability resides in the VS6ComFile!get_macro_mem_COM function and requires user interaction to open a weaponized file. No public exploit identified at time of analysis, though the local attack vector and file format parsing nature make this a realistic social engineering target for industrial control system environments.

Information Disclosure Buffer Overflow V Sft
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-32928 HIGH This Week

Stack-based buffer overflow in Fuji Electric/Hakko Electronics V-SFT versions through 6.2.10.0 enables arbitrary code execution when processing malicious V7 project files. Local attackers can exploit this via social engineering to deliver weaponized files requiring user interaction to open. CVSS 8.4 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with EPSS data unavailable for this newly-assigned CVE. Japanese vulnerability coordination (JPCERT/JVN) indicates regional industrial control system exposure.

Buffer Overflow RCE Stack Overflow V Sft
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-32927 HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to extract sensitive memory contents and potentially achieve code execution by opening a malicious V7 project file. The vulnerability requires user interaction (opening a crafted file) but no authentication, with an EPSS probability requiring assessment. No public exploit identified at time of analysis, though JPCERT coordination suggests industrial targeting potential.

Information Disclosure Buffer Overflow V Sft
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-32926 HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT industrial HMI software (versions ≤6.2.10.0) enables local attackers to disclose sensitive information and potentially achieve code execution when victims open maliciously crafted V7 project files. The vulnerability resides in the VS6ComFile!load_link_inf function during V7 file parsing. CVSS 8.4 reflects high confidentiality and integrity impact with low attack complexity requiring user interaction. No public exploit identified at time of analysis, though JPCERT coordination suggests targeted industrial sector awareness.

Information Disclosure Buffer Overflow V Sft
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-32925 HIGH This Week

Stack-based buffer overflow in Fuji Electric/HAKKO Electronics V-SFT automation software (versions ≤6.2.10.0) allows arbitrary code execution when opening a maliciously crafted V7 project file. An attacker must convince a user to open a weaponized file, requiring no authentication but user interaction. EPSS data not available; no public exploit identified at time of analysis, though the specific function (CV7BaseMap::WriteV7DataToRom) and vulnerability class (stack overflow) provide sufficient technical detail for skilled attackers to develop exploits.

RCE Buffer Overflow Stack Overflow V Sft
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2022-29925 HIGH This Week

Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE V Sft
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-29522 HIGH This Week

Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free V Server +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-29506 HIGH This Week

Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure V Server V Sft
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-26302 HIGH This Week

Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow V Sft
NVD
CVSS 3.1
7.8
EPSS
0.9%
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to disclose sensitive information and potentially achieve code execution when processing maliciously crafted V7 files. The vulnerability resides in the VS6ComFile!get_macro_mem_COM function and requires user interaction to open a weaponized file. No public exploit identified at time of analysis, though the local attack vector and file format parsing nature make this a realistic social engineering target for industrial control system environments.

Information Disclosure Buffer Overflow V Sft
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Stack-based buffer overflow in Fuji Electric/Hakko Electronics V-SFT versions through 6.2.10.0 enables arbitrary code execution when processing malicious V7 project files. Local attackers can exploit this via social engineering to deliver weaponized files requiring user interaction to open. CVSS 8.4 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with EPSS data unavailable for this newly-assigned CVE. Japanese vulnerability coordination (JPCERT/JVN) indicates regional industrial control system exposure.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to extract sensitive memory contents and potentially achieve code execution by opening a malicious V7 project file. The vulnerability requires user interaction (opening a crafted file) but no authentication, with an EPSS probability requiring assessment. No public exploit identified at time of analysis, though JPCERT coordination suggests industrial targeting potential.

Information Disclosure Buffer Overflow V Sft
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT industrial HMI software (versions ≤6.2.10.0) enables local attackers to disclose sensitive information and potentially achieve code execution when victims open maliciously crafted V7 project files. The vulnerability resides in the VS6ComFile!load_link_inf function during V7 file parsing. CVSS 8.4 reflects high confidentiality and integrity impact with low attack complexity requiring user interaction. No public exploit identified at time of analysis, though JPCERT coordination suggests targeted industrial sector awareness.

Information Disclosure Buffer Overflow V Sft
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Stack-based buffer overflow in Fuji Electric/HAKKO Electronics V-SFT automation software (versions ≤6.2.10.0) allows arbitrary code execution when opening a maliciously crafted V7 project file. An attacker must convince a user to open a weaponized file, requiring no authentication but user interaction. EPSS data not available; no public exploit identified at time of analysis, though the specific function (CV7BaseMap::WriteV7DataToRom) and vulnerability class (stack overflow) provide sufficient technical detail for skilled attackers to develop exploits.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE V Sft
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy