[Japanese]

JVNDB-2023-002072

Multiple vulnerabilities in Fuji Electric products

Overview

Multiple vulnerabilities listed below exist in the simulator module and the remote monitoring software 'V-Server Lite' and 'V-Server' contained in the graphic editor 'V-SFT', and the remote monitoring software 'TELLUS' and 'TELLUS Lite' provided by FUJI ELECTRIC CO., LTD.

* Stack-based buffer overflow in V-Serve, V-Server Lite (CWE-121) - CVE-2023-31239
* Stack-based buffer overflow in TELLUS, TELLUS Lite (CWE-121) - CVE-2023-32538, CVE-2023-32273, CVE-2023-32201
* Out-of-bounds read in TELLUS, TELLUS Lite (CWE-125) - CVE-2023-32288
* Stack-based buffer overflow in TELLUS, TELLUS Lite (CWE-121) - CVE-2023-32276
* Access of memory location after end of buffer in TELLUS, TELLUS Lite (CWE-788) - CVE-2023-32270
* Out-of-bounds read in TELLUS, TELLUS Lite (CWE-125) - CVE-2023-32542

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-31239

CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32538

CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32273

CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32201

CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32288

CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32276

CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32270

CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32542
Affected Products


Fuji Electric Co., Ltd.
  • TELLUS v4.0.15.0 and earlier - CVE-2023-32276, CVE-2023-32270, CVE-2023-32542
  • TELLUS v4.0.15.0 and earlier - CVE-2023-32288
  • TELLUS v4.0.15.0 and earlier - CVE-2023-32538, CVE-2023-32273, CVE-2023-32201
  • TELLUS Lite v4.0.15.0 and earlier - CVE-2023-32276, CVE-2023-32270, CVE-2023-32542
  • TELLUS Lite v4.0.15.0 and earlier - CVE-2023-32288
  • TELLUS Lite v4.0.15.0 and earlier - CVE-2023-32538, CVE-2023-32273, CVE-2023-32201
  • V-Server v4.0.15.0 and earlier - CVE-2023-31239
  • V-Server Lite v4.0.15.0 and earlier - CVE-2023-31239

Impact

CVE-2023-31239
Opening a specially crafted VPR file may lead to arbitrary code execution.

CVE-2023-32538, CVE-2023-32273, CVE-2023-32201
Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution.

CVE-2023-32288
Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.

CVE-2023-32276, CVE-2023-32270, CVE-2023-32542
Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
Vendor Information

Fuji Electric Co., Ltd.
CWE (What is CWE?)

  1. Stack-based Buffer Overflow(CWE-121) [Other]
  2. Out-of-bounds Read(CWE-125) [Other]
  3. Access of Memory Location After End of Buffer(CWE-788) [Other]
CVE (What is CVE?)

  1. CVE-2023-31239
  2. CVE-2023-32538
  3. CVE-2023-32273
  4. CVE-2023-32201
  5. CVE-2023-32288
  6. CVE-2023-32276
  7. CVE-2023-32270
  8. CVE-2023-32542
References

  1. JVN : JVNVU#98818508
  2. National Vulnerability Database (NVD) : CVE-2023-31239
  3. National Vulnerability Database (NVD) : CVE-2023-32201
  4. National Vulnerability Database (NVD) : CVE-2023-32270
  5. National Vulnerability Database (NVD) : CVE-2023-32273
  6. National Vulnerability Database (NVD) : CVE-2023-32276
  7. National Vulnerability Database (NVD) : CVE-2023-32288
  8. National Vulnerability Database (NVD) : CVE-2023-32538
  9. National Vulnerability Database (NVD) : CVE-2023-32542
Revision History

  • [2023/06/09]
      Web page was published
  • [2024/05/23]
      References : Contents were added

Date Public2023/06/08
Date First Published2023/06/09
Date Last Updated2024/05/23