CVE-2021-38419

Name of the Vulnerable Software and Affected Versions Fuji Electric V-Server Lite and Tellus Lite V-Simulator versions prior to 4.0.12.0

Description The issue is related to an out-of-bounds write that can occur during the parsing of V9 files in the V-Simulator module. This can result in data corruption, a system crash, or code execution. An attacker could exploit this by using a specially crafted malicious file or webpage, potentially allowing them to execute arbitrary code or cause a denial of service.

Recommendations For versions prior to 4.0.12.0, update to version 4.0.12.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the V-Simulator module or avoiding the parsing of V9 files until a patch is applied.