CVE-2023-35127
published 2023-11-22CVE-2023-35127: Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
PriorityP339high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.29%
21.1th percentile
Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fuji_electric | tellus_lite_v-simulator | < 4.0.19.0 | 4.0.19.0 |
| fujielectric | tellus_lite_v-simulator | < 4.0.19.0 | 4.0.19.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Fuji Electric Tellus Lite V-Simulator
cisa_ics·2023-11-21·CVSS 7.8
[HIGH] Fuji Electric Tellus Lite V-Simulator
ICS Advisory
##
Fuji Electric Tellus Lite V-Simulator
Release DateNovember 21, 2023
Alert CodeICSA-23-325-02
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Fuji Electric
- Equipment: Tellus Lite V-Simulator
- Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed, allow remote code execution, or overwrite files.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Fuji Electric reports that the following versions of Tellus Lite V-Simulator remote monitoring software are affected:
- Tellus Lite V-Simulator: versions prior to V4.0.19.0
## 3.2 Vulnerability Overview
3.2
GHSA
GHSA-wppp-2cv6-876r: Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file
ghsa_unreviewed·2023-11-22
CVE-2023-35127 [HIGH] CWE-121 GHSA-wppp-2cv6-876r: Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file
Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71ahttps://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71ahttps://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
2023-11-22
Published