Fuji Electric Alpha5 Smart Loader (Update A) (ICSA-18-270-02)

February 7, 2019

The NCCIC has updated this advisory with additional information on mitigation measures. Read the advisory at NCCIC/ICS-CERT.

September 27, 2018

The NCCIC has released an advisory on classic buffer overflow and heap-based buffer overflow vulnerabilities in Fuji Electric Alpha5 Smart Loader. Versions 3.7 and prior are affected. Successful exploitation of these vulnerabilities could allow for arbitrary remote code execution on the device. Fuji Electric has stated it is actively working on a resolution to the reported vulnerabilities. The NCCIC indicated it will update its advisory once mitigation efforts have been reported. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.