Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
CVE-2023-40152

7.8HIGH

Key Information:

Vendor: Fuji Electric
Status: Tellus Lite V-simulator
Vendor: CVE Published:; 22 November 2023

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2023-40152?

An out of bounds write vulnerability exists in Fuji Electric's Tellus Lite V-Simulator when it processes a specially-crafted input file. This can lead to unintended alteration of memory, potentially allowing adversaries to execute arbitrary code or cause application crashes. Users of the Tellus Lite V-Simulator should review their systems for the latest security updates and patches to mitigate associated risks.

Affected Version(s)

Tellus Lite V-Simulator 0 < 4.0.19.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...

https://felib.fujielectric.co.jp/en/M10009/M20034/documen...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Aug 18, 2023

Credit

Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.

JSON