{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32929", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-16T23:27:50.173Z", "datePublished": "2026-04-01T23:00:07.041Z", "dateUpdated": "2026-04-02T13:32:36.370Z"}, "containers": {"cna": {"affected": [{"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.", "product": "V-SFT", "versions": [{"version": "6.2.10.0 and prior", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Read", "lang": "en-US", "cweId": "CWE-125", "type": "CWE"}]}], "references": [{"url": "https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb"}, {"url": "https://jvn.jp/en/vu/JVNVU90448293/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-01T23:00:07.041Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T13:26:43.899957Z", "id": "CVE-2026-32929", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:32:36.370Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32929", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T13:26:43.899957Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:26:49.958Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.", "product": "V-SFT", "versions": [{"status": "affected", "version": "6.2.10.0 and prior"}]}], "references": [{"url": "https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb"}, {"url": "https://jvn.jp/en/vu/JVNVU90448293/"}], "descriptions": [{"lang": "en", "value": "V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-01T23:00:07.041Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32929", "state": "PUBLISHED", "dateUpdated": "2026-04-02T13:32:36.370Z", "dateReserved": "2026-03-16T23:27:50.173Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-04-01T23:00:07.041Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product."}], "id": "CVE-2026-32929", "lastModified": "2026-04-01T23:17:03.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-04-01T23:17:03.427", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU90448293/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,6.2.10.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "V-SFT", "source": "cna", "vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd."}, "product": "v-sft", "vendor": "fujielectric"}], "analysis": {"en": {"generated_at": "2026-04-02T03:41:20.503584+00:00", "value": {"mitigation_remediation": ["Apply the latest V\u2011SFT update (any release above 6.2.10.0) provided by Fujielectric or Hakko Electronics.", "Temporarily avoid opening or importing V7 files until a patch is available.", "Restrict user permissions for running V\u2011SFT and limit macro execution if possible.", "Check the vendor\u2019s website or support channels regularly for an official patch or advisory."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Fujielectric Co., Ltd. and Hakko Electronics Co., Ltd. V\u2011SFT products, specifically all releases up to and including version 6.2.10.0.", "description_and_impact": "V\u2011SFT versions 6.2.10.0 and earlier contain an out\u2011of\u2011bounds read in the VS6ComFile!get_macro_mem_COM function. When a specially crafted V7 file is opened, the software can read memory contents beyond the intended buffer, allowing an attacker to obtain sensitive information from the running system. The flaw is classified as an information disclosure vulnerability (CWE\u2011125).", "risk_and_exploitability": "The CVSS base score of 8.4 indicates high severity. Although no EPSS score is provided and the vulnerability is not listed in the KEV catalog, the flaw remains relevant because it permits disclosure of confidential data. The attack requires a user to supply a malicious V7 file and cause the application to process it, so it is most likely exploitable through a local or email\u2011spear\u2011phishing attack that prompts the user to open the file. If the application processes files from untrusted sources automatically, a remote exploitation path could exist. The impact is limited to data that the compromised process can access."}}}}, "created": "2026-04-02T07:46:59.394193+00:00", "title": "Out\u2011of\u2011Bounds Read in V\u2011SFT May Cause Information Disclosure", "updated": "2026-04-02T20:15:58.593071+00:00", "vendors": ["fujielectric", "fujielectric$PRODUCT$v-sft"]}