Fuji Electric Tellus Lite V-Simulator Improper Access Control
CVE-2023-5299

8.8HIGH

Key Information:

Vendor: Fuji Electric
Status: Tellus Lite V-simulator
Vendor: CVE Published:; 22 November 2023

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2023-5299?

A file overwrite vulnerability exists in Fuji Electric's Tellus Lite, allowing users with standard accounts to manipulate and overwrite critical files in the system. This flaw raises substantial security concerns, as unauthorized access to sensitive files could lead to system compromises and data integrity issues.

Affected Version(s)

Tellus Lite V-Simulator 0 < 4.0.19.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...

https://felib.fujielectric.co.jp/en/M10009/M20034/documen...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Sep 29, 2023

Credit

Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.

JSON