CVE-2023-40152
Published: 2023-11-22
CVE-2023-40152: When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
Priority: P3 · 37 · high · CVSS 3.1: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.34% (25.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fuji_electric | tellus_lite_v-simulator | < 4.0.19.0 | 4.0.19.0 |
| fujielectric | tellus_lite_v-simulator | < 4.0.19.0 | 4.0.19.0 |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vendor_oracle · 7.5 · MEDIUM
GHSA
GHSA-f52g-2hwc-v9j6: When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur
ghsa_unreviewed·2023-11-22
CVE-2023-40152 [HIGH] CWE-787 GHSA-f52g-2hwc-v9j6: When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur
CISA ICS
Fuji Electric Tellus Lite V-Simulator
cisa_ics·2023-11-21·CVSS 7.8
[HIGH] Fuji Electric Tellus Lite V-Simulator
ICS Advisory
## Fuji Electric Tellus Lite V-Simulator
Release Date: November 21, 2023
Alert Code: ICSA-23-325-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Fuji Electric
- Equipment: Tellus Lite V-Simulator
- Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed, allow remote code execution, or overwrite files.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Fuji Electric reports that the following versions of Tellus Lite V-Simulator remote monitoring software are affected:
- Tellus Lite V-Simulator: versions prior to V4.0.19.0
## 3.2 Vulnerability Overview
3.2
Oracle
Oracle Oracle Analytics Risk Matrix: Development Operations (XStream) — CVE-2022-40152
vendor_oracle·2023-10-15·CVSS 7.5
CVE-2022-40152 [MEDIUM] Oracle Oracle Analytics Risk Matrix: Development Operations (XStream) — CVE-2022-40152
Oracle Oracle Analytics Risk Matrix: Development Operations (XStream) vulnerability
CVE: CVE-2022-40152
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2023 (OCT 2023)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Woodstox) — CVE-2022-40152
vendor_oracle·2023-07-15·CVSS 7.5
CVE-2022-40152 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Woodstox) — CVE-2022-40152
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Woodstox) vulnerability
CVE: CVE-2022-40152
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Oracle
Oracle Oracle Commerce Risk Matrix: Content Acquisition System (Apache CXF) — CVE-2022-40152
vendor_oracle·2023-04-15·CVSS 7.5
CVE-2022-40152 [MEDIUM] Oracle Oracle Commerce Risk Matrix: Content Acquisition System (Apache CXF) — CVE-2022-40152
Oracle Oracle Commerce Risk Matrix: Content Acquisition System (Apache CXF) vulnerability
CVE: CVE-2022-40152
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
Published: 2023-11-22