CVE-2024-34579

High

Published: 17 January 2025

Published

17 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

Security Summary

CVE-2024-34579 is a stack-based buffer overflow vulnerability (CWE-121) in Fuji Electric Alpha5 SMART, which may allow an attacker to execute arbitrary code. The vulnerability received a CVSS score of 7.8 under CVSS:3.1 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and high impacts to confidentiality, integrity, and availability. It was published on 2025-01-17.

The vulnerability can be exploited by a local attacker who requires user interaction to trigger the buffer overflow. No special privileges are needed, and exploitation has low complexity. Successful attacks enable arbitrary code execution, potentially compromising the affected system with high-impact effects on confidentiality, integrity, and availability.

Mitigation details are provided in the CISA ICS advisory ICSA-25-016-05, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05.

Details

CWE(s): CWE-121

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05
ics-cert@hq.dhs.gov