Key Information Summary

Vulnerability Overview

CVE Identifiers
- Stack-Based Buffer Overflow: CVE-2017-9659
- Heap-Based Buffer Overflow: CVE-2017-9660
- Improper Privilege Management: CVE-2017-9662

CVSS Score: 7.3
Exploitability: Remotely exploitable/low skill level to exploit.

Impact and Risk

Potential Impact: Remote code execution or application crash.
Privilege Escalation: Improper privilege management could allow privilege escalation for local users.

Vulnerability Details

1. Stack-Based Buffer Overflow (CWE-121, CVE-2017-9659): May cause a crash or allow remote code execution.
2. Heap-Based Buffer Overflow (CWE-122, CVE-2017-9660): May cause a crash or allow remote code execution.
3. Improper Privilege Management (CWE-269, CVE-2017-9662): Could allow users with local access to escalate privileges.

Mitigations

Vendor Patch: Fuji Electric released a new version, Version 5.4+.43.0, to fix these vulnerabilities.
Defensive Measures:
- Minimize network exposure, use firewalls, and employ secure remote access methods like VPNs.

Affected Products

Monitouch V-SFT, versions prior to Version 5.4+.43.0

Research and Reporting

Researchers: Fritz Sands and kimiya working with Trend Micro’s Zero Day Initiative.

Sector Background and Deployment

Critical Infrastructure Sector: Critical Manufacturing, Energy
Deployment: Worldwide
Company Headquarters: Japan