Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Published: 2026-04-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

An out‑of‑bounds read occurs in the VS6MemInIF!set_temp_type_default function of V‑SFT firmware versions 6.2.10.0 and earlier when a maliciously crafted V7 file is opened. The flaw allows an attacker to read memory outside the intended buffer boundaries, potentially exposing sensitive data stored in memory, such as passwords or configuration information. This vulnerability is classified as CWE‑125 and results in information disclosure to the user or attacker who can craft and load the file.

Affected Systems

Affected systems are Fuji Electric and Hakko Electronics equipment running the V‑SFT application, specifically firmware versions 6.2.10.0 and any earlier releases. All units that use the legacy V‑SFT interface and process V7 files are at risk until the firmware is updated.

Risk and Exploitability

The CVSS base score for this flaw is 8.4, indicating high severity, while the EPSS score is below 1%, suggesting that exploitation is considered unlikely at present. The vulnerability is not listed in the CISA KEV catalog, and no remote code execution vector is reported. However, an attacker can gain access to confidential data by tricking a user into opening a malicious V7 file; the attack requires user interaction and may be mitigated by applying the vendor patch or rejecting untrusted files.

Generated by OpenCVE AI on April 7, 2026 at 21:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest V‑SFT firmware update from Fuji Electric or Hakko Electronics to eliminate the out‑of‑bounds read bug.
  • If an immediate patch is unavailable, restrict or deny processing of V7 files until the update is applied.
  • Verify the firmware version on all impacted devices; versions 6.2.10.0 and earlier are vulnerable.
  • Stay informed by consulting Fuji Electric and Hakko Electronics security advisories for further updates.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in V‑SFT Causing Information Disclosure

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in V‑SFT Causing Information Disclosure
First Time appeared Fujielectric
Fujielectric v-sft
Vendors & Products Fujielectric
Fujielectric v-sft

Thu, 02 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-02T13:32:53.041Z

Reserved: 2026-03-16T23:27:50.173Z

Link: CVE-2026-32927

Vulnrichment

Updated: 2026-04-02T13:27:23.291Z

NVD

Status: Analyzed

Published: 2026-04-01T23:17:03.110

Modified: 2026-04-07T18:43:12.460

Link: CVE-2026-32927

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:56:41Z

Weaknesses