Java's Vulnerabilities in HULFT Products

July 28, 2017

Dear Customers

Saison Information Systems Co., Ltd.
HULFT Division

This is a report regarding the Java's vulnerabilities (such as CVE-2017-10110) in HULFT Series products.


1. Vulnerability Information

Vulnerabilities in Java have been announced (such as CVE-2017-10110). If misused by attackers, any code (command) can be executed and may control your computer.

You can learn more here:

2. Investigation Status

We would like to explain the effects of the vulnerabilities mentioned above on HULFT Series products.

The following is the HULFT Series Products Investigation Status as of 9:00 on July 28th, 2017

Product Name Investigation Status
HULFT No effect
HULFT8 Script Option The following five vulnerability effects are found:
CVE-2017-10115, CVE-2017-10118, CVE-2017-10176, CVE-2017-10135, CVE-2017-10198

Since HULFT8 Script Option uses Java, which is already included in the products, HULFT does not guarantee if you update by yourself and/or use the external Java. Please do not execute Java update at your end. We are planning to modify at the future release. The release time is not scheduled yet. We will keep you updated the information once we finalize the release time.
HULFT IoT The following seven vulnerability effects are found:

CVE-2017-10108, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10176, CVE-2017-10135, CVE-2017-10198

For customers who are using Oracle Java, please apply the latest update to your Java Runtime Environment version.
HULFT-HUB No effect
HULFT-DataMagic(Ver.2)
DataMagic(Ver.3)
No effect
HULFT-WebFT (Ver.2)
HULFT-WebFileTransfer (Ver.3)
The following seven vulnerability effects are found:
CVE-2017-10108, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10176, CVE-2017-10135, CVE-2017-10198

For customers who are using Oracle Java, please apply the latest update to your Java Runtime Environment version.