Login Sign Up

CVE-2022-26302

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This CVE describes a heap-based buffer overflow vulnerability in the simulator module of Fuji Electric's V-SFT graphic editor. Attackers can exploit it by tricking users into opening specially crafted image files, potentially leading to information disclosure or arbitrary code execution. Users of V-SFT versions prior to 6.1.6.0 are affected.

💻 Affected Systems

Products:
  • Fuji Electric V-SFT graphic editor
Versions: All versions prior to v6.1.6.0
Operating Systems: Windows (based on typical industrial software deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the simulator module when processing image files. Requires user interaction to open malicious files.

📦 What is this software?

V Sft by Fujielectric

View all CVEs affecting V Sft →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the affected system, potentially leading to lateral movement within the network.

🟠

Likely Case

Local privilege escalation or arbitrary code execution in the context of the user running V-SFT, potentially leading to data theft or further system compromise.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only causing application crashes.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.1.6.0 and later

Vendor Advisory: https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php

Restart Required: Yes

Instructions:

1. Download V-SFT version 6.1.6.0 or later from Fuji Electric's website. 2. Uninstall previous versions. 3. Install the updated version. 4. Restart the system.

🔧 Temporary Workarounds

Restrict file opening

all

Implement policies to prevent users from opening untrusted image files with V-SFT

Application sandboxing

all

Run V-SFT in a restricted environment or virtual machine

🧯 If You Can't Patch

  • Implement strict file access controls to prevent opening untrusted image files
  • Run V-SFT with minimal user privileges and in isolated environments

🔍 How to Verify

Check if Vulnerable:

Check V-SFT version in Help > About menu. If version is below 6.1.6.0, the system is vulnerable.

Check Version:

Check Help > About menu in V-SFT application

Verify Fix Applied:

Verify installed version is 6.1.6.0 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of V-SFT when processing image files
  • Unusual file access patterns to V-SFT executable

Network Indicators:

  • Unusual outbound connections from V-SFT process

SIEM Query:

Process:V-SFT.exe AND (EventID:1000 OR EventID:1001) OR FileAccess:*.(bmp|jpg|png|tiff) AND Process:V-SFT.exe

📊 Metadata

CVE ID: CVE-2022-26302
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: June 14, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-26302, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)