Login Sign Up

CVE-2021-38401

7.8 HIGH
Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability in Fuji Electric V-Server Lite and Tellus Lite V-Simulator allows attackers to execute arbitrary code by exploiting an untrusted pointer dereference. It affects industrial control system software used in manufacturing and automation environments. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Fuji Electric V-Server Lite
  • Fuji Electric Tellus Lite V-Simulator
Versions: All versions prior to v4.0.12.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: These are industrial control system (ICS) software products used for monitoring and simulation in manufacturing environments.

📦 What is this software?

V Server by Fujielectric

View all CVEs affecting V Server →

V Simulator by Fujielectric

View all CVEs affecting V Simulator →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attacker to execute arbitrary code, crash critical industrial control systems, and potentially disrupt manufacturing operations or cause physical damage.

🟠

Likely Case

Application crash leading to denial of service in industrial environments, potentially disrupting monitoring and control functions.

🟢

If Mitigated

Limited impact if systems are isolated from untrusted networks and proper access controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The vulnerability requires network access to the affected software but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.0.12.0

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-21-299-01

Restart Required: Yes

Instructions:

1. Download the patched version v4.0.12.0 from Fuji Electric. 2. Backup current configuration and data. 3. Install the update following vendor instructions. 4. Restart the application and verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected systems from untrusted networks and implement strict firewall rules.

Access Control Restrictions

all

Implement strict network access controls to limit connections to trusted sources only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from untrusted networks
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the software version in the application's About or Help menu. If version is below 4.0.12.0, the system is vulnerable.

Check Version:

Check application version through GUI or consult vendor documentation for version verification.

Verify Fix Applied:

Verify the software version shows 4.0.12.0 or higher after patching.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Unexpected process termination
  • Memory access violation errors

Network Indicators:

  • Unexpected network connections to the V-Server/Tellus Lite ports
  • Malformed packets targeting the application

SIEM Query:

source="application_logs" AND ("V-Server" OR "Tellus Lite") AND ("crash" OR "access violation" OR "memory error")

📊 Metadata

CVE ID: CVE-2021-38401
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-822
Published: December 20, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-38401, you might also want to check these:

CVE-2025-50165 9.8

This critical vulnerability in Microsoft Graphics Component allows remote attackers to execute arbit...

Same vulnerability type (CWE-822)
CVE-2023-1437 9.8

This vulnerability in Advantech WebAccess/SCADA allows attackers to send malicious RPC arguments con...

Same vulnerability type (CWE-822)
CVE-2025-1255 9.1

CVE-2025-1255 is an untrusted pointer dereference vulnerability in RTI Connext Professional Core Lib...

Same vulnerability type (CWE-822)