CVE-2023-5299
published 2023-11-22CVE-2023-5299: A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
PriorityP345high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.48%
38.1th percentile
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fuji_electric | tellus_lite_v-simulator | < 4.0.19.0 | 4.0.19.0 |
| fujielectric | tellus_lite_v-simulator | < 4.0.19.0 | 4.0.19.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Fuji Electric Tellus Lite V-Simulator
cisa_ics·2023-11-21·CVSS 7.8
[HIGH] Fuji Electric Tellus Lite V-Simulator
ICS Advisory
##
Fuji Electric Tellus Lite V-Simulator
Release DateNovember 21, 2023
Alert CodeICSA-23-325-02
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Fuji Electric
- Equipment: Tellus Lite V-Simulator
- Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed, allow remote code execution, or overwrite files.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Fuji Electric reports that the following versions of Tellus Lite V-Simulator remote monitoring software are affected:
- Tellus Lite V-Simulator: versions prior to V4.0.19.0
## 3.2 Vulnerability Overview
3.2
GHSA
GHSA-j839-m5cq-4qc6: A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system
ghsa_unreviewed·2023-11-22
CVE-2023-5299 [HIGH] CWE-284 GHSA-j839-m5cq-4qc6: A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71ahttps://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71ahttps://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
2023-11-22
Published