{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/v-sft/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-32928"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-32928","buffer-overflow","code-execution","v-sft"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eV-SFT versions 6.2.10.0 and earlier are vulnerable to a stack-based buffer overflow (CVE-2026-32928) located in the VS6ComFile!CSaveData::_conv_AnimationItem function. This vulnerability is triggered when the software processes a specially crafted V7 file. Successful exploitation of this vulnerability can lead to arbitrary code execution within the context of the application. Given the potential for complete system compromise, organizations using affected versions of V-SFT should take immediate steps to mitigate this risk. This vulnerability was reported by JPCERT/CC.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a target using a vulnerable version of V-SFT (\u0026lt;= 6.2.10.0).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious V7 file designed to trigger the buffer overflow in the \u003ccode\u003eVS6ComFile!CSaveData::_conv_AnimationItem\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious V7 file to the target, potentially through social engineering or other means.\u003c/li\u003e\n\u003cli\u003eThe target user opens the malicious V7 file using the vulnerable V-SFT software.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eVS6ComFile!CSaveData::_conv_AnimationItem\u003c/code\u003e function processes the V7 file, copying data into a fixed-size buffer on the stack.\u003c/li\u003e\n\u003cli\u003eThe crafted V7 file contains data exceeding the buffer\u0026rsquo;s capacity, causing a buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites adjacent stack memory, including the return address.\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003e_conv_AnimationItem\u003c/code\u003e function returns, execution is redirected to an attacker-controlled address, allowing arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32928 allows an attacker to execute arbitrary code on the affected system. This could lead to complete system compromise, data theft, or denial of service. The vulnerability affects any system running V-SFT versions 6.2.10.0 and prior. The severity is rated as high with a CVSS v3.1 score of 7.8.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a non-vulnerable version of V-SFT (later than 6.2.10.0) as provided by the vendor.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for V-SFT processes spawning child processes or executing unusual commands, using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring for the V-SFT executable and associated libraries to detect unauthorized modifications.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening files from untrusted sources to mitigate social engineering attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T23:17:03Z","date_published":"2026-04-01T23:17:03Z","id":"/briefs/2026-04-v-sft-overflow/","summary":"V-SFT versions 6.2.10.0 and prior are susceptible to a stack-based buffer overflow vulnerability that could allow arbitrary code execution when a malicious V7 file is opened.","title":"V-SFT Stack-Based Buffer Overflow Vulnerability (CVE-2026-32928)","url":"https://feed.craftedsignal.io/briefs/2026-04-v-sft-overflow/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-32929"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-32929","out-of-bounds read","information disclosure","v-sft"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32929 is an out-of-bounds read vulnerability affecting V-SFT versions 6.2.10.0 and prior. The vulnerability exists within the \u003ccode\u003eVS6ComFile!get_macro_mem_COM\u003c/code\u003e function. An attacker can exploit this vulnerability by crafting a malicious V7 file. When a user opens the crafted V7 file with a vulnerable version of V-SFT, the out-of-bounds read can be triggered, leading to potential information disclosure. This vulnerability was disclosed on April 1, 2026, and poses a risk to users who rely on V-SFT software for industrial automation and control systems. Organizations should assess their exposure to this vulnerability and take appropriate mitigation steps, including updating to a patched version of V-SFT.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a target using V-SFT versions 6.2.10.0 or prior.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious V7 file specifically designed to trigger the out-of-bounds read in \u003ccode\u003eVS6ComFile!get_macro_mem_COM\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker delivers the crafted V7 file to the target, possibly through social engineering or other means.\u003c/li\u003e\n\u003cli\u003eThe target user opens the malicious V7 file using the vulnerable V-SFT software.\u003c/li\u003e\n\u003cli\u003eV-SFT attempts to parse the crafted V7 file, triggering the \u003ccode\u003eVS6ComFile!get_macro_mem_COM\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eDue to the malformed structure of the crafted V7 file, the \u003ccode\u003eget_macro_mem_COM\u003c/code\u003e function attempts to read data beyond the allocated buffer.\u003c/li\u003e\n\u003cli\u003eThe out-of-bounds read occurs, potentially disclosing sensitive information from the V-SFT process memory.\u003c/li\u003e\n\u003cli\u003eThe attacker may be able to leverage the disclosed information to further compromise the system or network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32929 can lead to information disclosure. An attacker who successfully exploits this vulnerability may be able to read sensitive data from the memory of the V-SFT process. The disclosed information could potentially include configuration settings, credentials, or other sensitive data that could be used to further compromise the affected system. While the NVD does not yet contain scoring data, JPCERT/CC assigned a base score of 7.8 HIGH.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade V-SFT to a version that patches CVE-2026-32929 to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect V-SFT V7 File Opening\u0026rdquo; to detect attempts to open V7 files using the vulnerable software.\u003c/li\u003e\n\u003cli\u003eMonitor systems running V-SFT for unexpected behavior or crashes, which could indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening files from untrusted sources to prevent social engineering attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T23:17:03Z","date_published":"2026-04-01T23:17:03Z","id":"/briefs/2026-04-vsft-oob-read/","summary":"V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability (CVE-2026-32929) in VS6ComFile!get_macro_mem_COM, where opening a crafted V7 file may lead to information disclosure.","title":"V-SFT Out-of-Bounds Read Vulnerability (CVE-2026-32929)","url":"https://feed.craftedsignal.io/briefs/2026-04-vsft-oob-read/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-32925"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-32925","stack-based-buffer-overflow","v-sft"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eV-SFT versions 6.2.10.0 and earlier are susceptible to a critical stack-based buffer overflow vulnerability identified as CVE-2026-32925. This flaw resides within the \u003ccode\u003eVS6ComFile!CV7BaseMap::WriteV7DataToRom\u003c/code\u003e function. The vulnerability is triggered when the software processes a specially crafted V7 file. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. This poses a significant risk to systems utilizing affected versions of V-SFT, as it could lead to complete system compromise. The vulnerability was reported to JPCERT/CC and assigned CWE-121, highlighting the classic stack-based buffer overflow nature of the issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious V7 file designed to exploit the buffer overflow in \u003ccode\u003eVS6ComFile!CV7BaseMap::WriteV7DataToRom\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe user opens the malicious V7 file using a vulnerable version of V-SFT (6.2.10.0 or prior).\u003c/li\u003e\n\u003cli\u003eV-SFT attempts to parse the V7 file, specifically calling the \u003ccode\u003eCV7BaseMap::WriteV7DataToRom\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eDuring the \u003ccode\u003eWriteV7DataToRom\u003c/code\u003e function execution, the crafted V7 file provides input that exceeds the buffer size allocated on the stack.\u003c/li\u003e\n\u003cli\u003eThe excessive input overwrites adjacent memory locations on the stack, including the return address.\u003c/li\u003e\n\u003cli\u003eUpon completion of the \u003ccode\u003eWriteV7DataToRom\u003c/code\u003e function, control is transferred to the overwritten return address.\u003c/li\u003e\n\u003cli\u003eThe attacker redirects code execution to a location containing malicious code injected into the process memory.\u003c/li\u003e\n\u003cli\u003eThe injected code executes with the privileges of the V-SFT application, potentially leading to complete system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32925 allows an attacker to execute arbitrary code on systems running vulnerable versions of V-SFT (6.2.10.0 and prior). This could result in complete system compromise, data theft, or denial of service. The exact number of potential victims is unknown, but the severity is high due to the potential for arbitrary code execution.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a non-vulnerable version of V-SFT as provided by the vendor (Fujielectric). Refer to the vendor advisory (\u003ca href=\"https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb\"\u003ehttps://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for V-SFT spawning unusual child processes, which might indicate successful code execution. Utilize the Sigma rule \u0026ldquo;Detect Suspicious V-SFT Child Processes\u0026rdquo; to identify such behavior.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring for the V-SFT executable and related libraries to detect unauthorized modifications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T23:17:02Z","date_published":"2026-04-01T23:17:02Z","id":"/briefs/2026-04-v-sft-buffer-overflow/","summary":"V-SFT versions 6.2.10.0 and prior are vulnerable to a stack-based buffer overflow (CVE-2026-32925) in the VS6ComFile!CV7BaseMap::WriteV7DataToRom function, potentially leading to arbitrary code execution when processing a crafted V7 file.","title":"V-SFT v6.2.10.0 Stack-Based Buffer Overflow (CVE-2026-32925)","url":"https://feed.craftedsignal.io/briefs/2026-04-v-sft-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — V-Sft","version":"https://jsonfeed.org/version/1.1"}