CVE-2019-3947

CRITICAL

Fujielectric V-server - Insufficiently Protected Credentials

Title source: rule

Description

Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.

References (2)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2019-27

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108740

Scores

CVSS v3 9.8

EPSS 0.0042

EPSS Percentile 61.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

fujielectric/v-server < 6.0.33.0

Timeline

Published Jun 12, 2019

Tracked Since Feb 18, 2026