All the vulnerabilites related to fujielectric - tellus_lite_v-simulator
Vulnerability from fkie_nvd
Published
2023-01-17 00:15
Modified
2024-11-21 07:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47C3BE1B-1879-4BF9-9CC8-BAAE52A6637C",
"versionEndIncluding": "4.0.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\n\n\n"
},
{
"lang": "es",
"value": "Las versiones 4.0.12.0 y anteriores de Fuji Electric Tellus Lite V-Simulator son vulnerables a una escritura fuera de los l\u00edmites que puede permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-3087",
"lastModified": "2024-11-21T07:18:47.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-17T00:15:10.413",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-22 01:15
Modified
2024-11-21 08:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB64D74-124B-4253-9018-B274D252FA34",
"versionEndExcluding": "4.0.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur."
},
{
"lang": "es",
"value": "Cuando Fuji Electric Tellus Lite V-Simulator analiza un archivo de entrada especialmente manipulado, puede producirse una escritura fuera de los l\u00edmites."
}
],
"id": "CVE-2023-40152",
"lastModified": "2024-11-21T08:18:52.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-22T01:15:08.007",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-28 00:15
Modified
2024-12-03 16:16
Severity ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1628/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | 4.0.20.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:4.0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F12BBC-7A23-41AB-B7F8-28C263FAFBE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila en el an\u00e1lisis de archivos de Fuji Electric Tellus Lite V-Simulator 5 V8. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Fuji Electric Tellus Lite. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos V8 en el componente V-Simulator 5. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24770."
}
],
"id": "CVE-2024-11802",
"lastModified": "2024-12-03T16:16:58.833",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-28T00:15:06.007",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1628/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-22 01:15
Modified
2024-11-21 08:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB64D74-124B-4253-9018-B274D252FA34",
"versionEndExcluding": "4.0.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file."
},
{
"lang": "es",
"value": "Puede producirse un desbordamiento del b\u00fafer basado en pila cuando Fuji Electric Tellus Lite V-Simulator analiza un archivo de entrada especialmente manipulado."
}
],
"id": "CVE-2023-35127",
"lastModified": "2024-11-21T08:07:59.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-22T01:15:07.813",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-22 01:15
Modified
2024-11-21 08:41
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB64D74-124B-4253-9018-B274D252FA34",
"versionEndExcluding": "4.0.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system."
},
{
"lang": "es",
"value": "Un usuario con una cuenta est\u00e1ndar en Fuji Electric Tellus Lite puede sobrescribir archivos en el sistema."
}
],
"id": "CVE-2023-5299",
"lastModified": "2024-11-21T08:41:28.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-22T01:15:08.187",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-28 00:15
Modified
2024-12-03 16:22
Severity ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1625/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | 4.0.20.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:4.0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F12BBC-7A23-41AB-B7F8-28C263FAFBE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila de an\u00e1lisis de archivos de Fuji Electric Tellus Lite V-Simulator 5 V8. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Fuji Electric Tellus Lite. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos V8 en el componente V-Simulator 5. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24664."
}
],
"id": "CVE-2024-11799",
"lastModified": "2024-12-03T16:22:54.423",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-28T00:15:05.603",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1625/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-28 00:15
Modified
2024-12-03 16:22
Severity ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1627/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | 4.0.20.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:4.0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F12BBC-7A23-41AB-B7F8-28C263FAFBE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en Fuji Electric Tellus Lite V-Simulator 5 V8 al analizar archivos fuera de los l\u00edmites. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Fuji Electric Tellus Lite. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos V8 en el componente V-Simulator 5. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una escritura m\u00e1s all\u00e1 del final de una estructura de datos asignada. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24769."
}
],
"id": "CVE-2024-11801",
"lastModified": "2024-12-03T16:22:22.837",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-28T00:15:05.873",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1627/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-13 18:15
Modified
2024-11-21 09:23
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "061A8685-2CB2-40CA-98CE-BD84FCEF100A",
"versionEndExcluding": "4.0.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code."
},
{
"lang": "es",
"value": "Fuji Electric Tellus Lite V-Simulator es vulnerable a una escritura fuera de los l\u00edmites, lo que podr\u00eda permitir a un atacante manipular la memoria, lo que resultar\u00eda en la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2024-37022",
"lastModified": "2024-11-21T09:23:03.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-06-13T18:15:10.547",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-28 00:15
Modified
2024-12-03 16:16
Severity ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1629/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | 4.0.20.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:4.0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F12BBC-7A23-41AB-B7F8-28C263FAFBE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en Fuji Electric Tellus Lite V-Simulator 5 V8 al analizar archivos fuera de los l\u00edmites. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Fuji Electric Tellus Lite. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos V8 en el componente V-Simulator 5. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una escritura m\u00e1s all\u00e1 del final de una estructura de datos asignada. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24771."
}
],
"id": "CVE-2024-11803",
"lastModified": "2024-12-03T16:16:42.027",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-28T00:15:06.143",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1629/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-19 00:15
Modified
2024-11-21 07:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47C3BE1B-1879-4BF9-9CC8-BAAE52A6637C",
"versionEndIncluding": "4.0.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\n\n"
},
{
"lang": "es",
"value": "Fuji Electric Tellus Lite V-Simulator versiones 4.0.12.0 y anteriores son vulnerables a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria que puede permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-3085",
"lastModified": "2024-11-21T07:18:47.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-19T00:15:10.380",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-13 18:15
Modified
2024-11-21 09:23
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Fuji Electric Tellus Lite V-Simulator
is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "061A8685-2CB2-40CA-98CE-BD84FCEF100A",
"versionEndExcluding": "4.0.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code."
},
{
"lang": "es",
"value": "Fuji Electric Tellus Lite V-Simulator es vulnerable a un desbordamiento del b\u00fafer basado en pila, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2024-37029",
"lastModified": "2024-11-21T09:23:04.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-06-13T18:15:10.790",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-28 00:15
Modified
2024-12-03 16:22
Severity ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1626/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujielectric | tellus_lite_v-simulator | 4.0.20.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujielectric:tellus_lite_v-simulator:4.0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F12BBC-7A23-41AB-B7F8-28C263FAFBE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila de an\u00e1lisis de archivos de Fuji Electric Tellus Lite V-Simulator 5 V8. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Fuji Electric Tellus Lite. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos V8 en el componente V-Simulator 5. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24768."
}
],
"id": "CVE-2024-11800",
"lastModified": "2024-12-03T16:22:41.957",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-28T00:15:05.747",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1626/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-11801
Vulnerability from cvelistv5
Published
2024-11-27 23:35
Modified
2024-11-29 16:49
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1627/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite |
Version: 4.0.20.0 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:tellus_lite:4.0.20.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tellus_lite",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:49:30.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Tellus Lite",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:40.982-06:00",
"datePublic": "2024-11-27T15:00:58.123-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:35:06.196Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1627",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1627/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11801",
"datePublished": "2024-11-27T23:35:06.196Z",
"dateReserved": "2024-11-26T16:02:40.960Z",
"dateUpdated": "2024-11-29T16:49:30.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37022
Vulnerability from cvelistv5
Published
2024-06-13 17:25
Modified
2024-08-02 03:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite V-Simulator |
Version: 0 < 4.0.20.0 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tellus_lite_v-simulator",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "4.0.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T18:48:57.921592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T18:51:44.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-06-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T17:25:49.609Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "Fuji Electric recommends users update to v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
}
],
"source": {
"advisory": "ICSA-24-165-14",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-37022",
"datePublished": "2024-06-13T17:25:49.609Z",
"dateReserved": "2024-06-06T17:39:34.310Z",
"dateUpdated": "2024-08-02T03:43:50.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37029
Vulnerability from cvelistv5
Published
2024-06-13 17:23
Modified
2024-08-02 03:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator
is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite V-Simulator |
Version: 0 < 4.0.20.0 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:tellus_lite_v-simulator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tellus_lite_v-simulator",
"vendor": "fujielectric",
"versions": [
{
"lessThan": "4.0.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T18:55:22.773512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T18:51:36.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-06-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.\n\n"
}
],
"value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T17:23:40.591Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\"\u003ev4.0.20.0\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "Fuji Electric recommends users update to v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
}
],
"source": {
"advisory": "ICSA-24-165-14",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-37029",
"datePublished": "2024-06-13T17:23:40.591Z",
"dateReserved": "2024-06-06T17:39:34.317Z",
"dateUpdated": "2024-08-02T03:43:50.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11799
Vulnerability from cvelistv5
Published
2024-11-27 23:34
Modified
2024-11-29 16:45
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1625/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite |
Version: 4.0.20.0 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:tellus_lite:4.0.20.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tellus_lite",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:45:20.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Tellus Lite",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:30.128-06:00",
"datePublic": "2024-11-27T15:00:35.617-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:57.579Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1625",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1625/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11799",
"datePublished": "2024-11-27T23:34:57.579Z",
"dateReserved": "2024-11-26T16:02:30.077Z",
"dateUpdated": "2024-11-29T16:45:20.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5299
Vulnerability from cvelistv5
Published
2023-11-22 00:41
Modified
2024-09-04 18:39
Severity ?
EPSS score ?
Summary
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite V-Simulator |
Version: 0 < 4.0.19.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-28T05:00:25.665128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T18:39:16.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-11-22T00:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.\u003c/span\u003e\n\n"
}
],
"value": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-22T00:41:18.654Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Fuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator Improper Access Control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5299",
"datePublished": "2023-11-22T00:41:18.654Z",
"dateReserved": "2023-09-29T15:56:03.959Z",
"dateUpdated": "2024-09-04T18:39:16.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3087
Vulnerability from cvelistv5
Published
2023-01-16 23:46
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01 | government-resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite V-Simulator |
Version: 0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThanOrEqual": " 4.0.12.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-16T23:46:24.860Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3087",
"datePublished": "2023-01-16T23:46:24.860Z",
"dateReserved": "2022-09-01T18:50:35.423Z",
"dateUpdated": "2024-08-03T01:00:10.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11803
Vulnerability from cvelistv5
Published
2024-11-27 23:35
Modified
2024-11-29 16:49
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1629/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite |
Version: 4.0.20.0 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:tellus_lite:4.0.20.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tellus_lite",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:49:45.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Tellus Lite",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:55.944-06:00",
"datePublic": "2024-11-27T15:01:21.137-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:35:16.103Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1629",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1629/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11803",
"datePublished": "2024-11-27T23:35:16.103Z",
"dateReserved": "2024-11-26T16:02:55.924Z",
"dateUpdated": "2024-11-29T16:49:45.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3085
Vulnerability from cvelistv5
Published
2023-01-18 23:22
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite V-Simulator |
Version: 0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThanOrEqual": " 4.0.12.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n"
}
],
"value": "\nFuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-18T23:22:02.789Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eFuji Electric recommends users update Tellus Lite V-Simulator to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/download/pod_document.htm?site=global\u0026amp;lang=en\"\u003eversion 4.0.15.0\u003c/a\u003e. \u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nFuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.15.0 https://felib.fujielectric.co.jp/download/pod_document.htm . \n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3085",
"datePublished": "2023-01-18T23:22:02.789Z",
"dateReserved": "2022-09-01T18:49:33.050Z",
"dateUpdated": "2024-08-03T01:00:10.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11800
Vulnerability from cvelistv5
Published
2024-11-27 23:35
Modified
2024-11-29 16:49
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1626/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite |
Version: 4.0.20.0 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:tellus_lite:4.0.20.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tellus_lite",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:49:44.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Tellus Lite",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:34.554-06:00",
"datePublic": "2024-11-27T15:00:46.748-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:35:01.965Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1626",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1626/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11800",
"datePublished": "2024-11-27T23:35:01.965Z",
"dateReserved": "2024-11-26T16:02:34.534Z",
"dateUpdated": "2024-11-29T16:49:44.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35127
Vulnerability from cvelistv5
Published
2023-11-22 00:44
Modified
2024-08-29 19:16
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite V-Simulator |
Version: 0 < 4.0.19.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-28T05:00:27.123789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:16:01.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-11-22T00:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-22T00:44:26.650Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Fuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-35127",
"datePublished": "2023-11-22T00:44:26.650Z",
"dateReserved": "2023-08-18T17:42:07.395Z",
"dateUpdated": "2024-08-29T19:16:01.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11802
Vulnerability from cvelistv5
Published
2024-11-27 23:35
Modified
2024-11-29 16:49
Severity ?
EPSS score ?
Summary
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1628/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite |
Version: 4.0.20.0 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:tellus_lite:4.0.20.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tellus_lite",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:49:45.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Tellus Lite",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "4.0.20.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:48.356-06:00",
"datePublic": "2024-11-27T15:01:08.699-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:35:12.023Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1628",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1628/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11802",
"datePublished": "2024-11-27T23:35:12.023Z",
"dateReserved": "2024-11-26T16:02:48.337Z",
"dateUpdated": "2024-11-29T16:49:45.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40152
Vulnerability from cvelistv5
Published
2023-11-22 00:42
Modified
2024-08-29 19:51
Severity ?
EPSS score ?
Summary
When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fuji Electric | Tellus Lite V-Simulator |
Version: 0 < 4.0.19.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-28T05:00:26.396580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:51:44.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tellus Lite V-Simulator",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "4.0.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fritz Sands and kimiya working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-11-22T00:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-22T00:42:49.608Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02"
},
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFuji Electric recommends users \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a\"\u003eupdate Tellus Lite V-Simulator to version 4.0.19.0.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Fuji Electric recommends users update Tellus Lite V-Simulator to version 4.0.19.0. https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-40152",
"datePublished": "2023-11-22T00:42:49.608Z",
"dateReserved": "2023-08-18T17:42:07.401Z",
"dateUpdated": "2024-08-29T19:51:44.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}