1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Fuji Electric
- Equipment: Tellus Lite V-Simulator
- Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Improper Access Control
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed, allow remote code execution, or overwrite files.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Fuji Electric reports that the following versions of Tellus Lite V-Simulator remote monitoring software are affected:
- Tellus Lite V-Simulator: versions prior to V4.0.19.0
3.2 Vulnerability Overview
3.2.1 Stack-based Buffer Overflow CWE-121
A stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially crafted input file.
CVE-2023-35127 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
3.2.2 Out-of-bounds Write CWE-787
An out-of-bounds write may occur when Fuji Electric Tellus Lite V-Simulator parses a specially crafted input file.
CVE-2023-40152 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
3.2.3 Improper Access Control CWE-284
[…]