CVE-2023-47580 - OpenCVE

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fujielectric	Tellus Tellus Lite

Configuration 1 [-]

OR	cpe:2.3:a:fujielectric:tellus::::::::
	cpe:2.3:a:fujielectric:tellus_lite::::::::

No data.

References

Link	Providers
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php
https://jvn.jp/en/vu/JVNVU93840158/
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-11-15T05:40:43.526Z

Updated: 2024-08-14T18:39:13.041Z

Reserved: 2023-11-07T02:41:20.172Z

Link: CVE-2023-47580

Vulnrichment

Updated: 2024-08-02T21:09:37.401Z

NVD

Status : Modified

Published: 2023-11-15T06:15:28.030

Modified: 2024-08-14T19:35:12.147

Link: CVE-2023-47580

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47580", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-11-07T02:41:20.172Z", "datePublished": "2023-11-15T05:40:43.526Z", "dateUpdated": "2024-08-14T18:39:13.041Z"}, "containers": {"cna": {"affected": [{"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.", "product": "TELLUS", "versions": [{"version": "V4.0.17.0 and earlier", "status": "affected"}]}, {"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.", "product": "TELLUS Lite", "versions": [{"version": "V4.0.17.0 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.\r\n"}], "problemTypes": [{"descriptions": [{"description": "Improper restriction of operations within the bounds of a memory buffer", "lang": "en", "type": "text"}]}], "references": [{"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"}, {"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"}, {"url": "https://jvn.jp/en/vu/JVNVU93840158/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-11-15T05:40:43.526Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:09:37.401Z"}, "title": "CVE Program Container", "references": [{"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php", "tags": ["x_transferred"]}, {"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU93840158/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "affected": [{"vendor": "fujielectric", "product": "tellus", "cpes": ["cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.0.17.0", "versionType": "custom"}]}, {"vendor": "fujielectric", "product": "tellus_lite", "cpes": ["cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.0.17.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T18:23:22.284320Z", "id": "CVE-2023-47580", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:39:13.041Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php", "tags": ["x_transferred"]}, {"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU93840158/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:09:37.401Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-47580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-14T18:23:22.284320Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*"], "vendor": "fujielectric", "product": "tellus", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.0.17.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*"], "vendor": "fujielectric", "product": "tellus_lite", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.0.17.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:39:03.076Z"}}], "cna": {"affected": [{"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.", "product": "TELLUS", "versions": [{"status": "affected", "version": "V4.0.17.0 and earlier"}]}, {"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.", "product": "TELLUS Lite", "versions": [{"status": "affected", "version": "V4.0.17.0 and earlier"}]}], "references": [{"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"}, {"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"}, {"url": "https://jvn.jp/en/vu/JVNVU93840158/"}], "descriptions": [{"lang": "en", "value": "Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.\r\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Improper restriction of operations within the bounds of a memory buffer"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-11-15T05:40:43.526Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47580", "state": "PUBLISHED", "dateUpdated": "2024-08-14T18:39:13.041Z", "dateReserved": "2023-11-07T02:41:20.172Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-11-15T05:40:43.526Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*", "matchCriteriaId": "16ADEC6F-9ADC-423C-A463-413097BDBC3B", "versionEndIncluding": "4.0.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*", "matchCriteriaId": "A35F3F07-97F2-47A2-877D-AFF28F7AAE56", "versionEndIncluding": "4.0.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.\r\n"}, {"lang": "es", "value": "Existen m\u00faltiples problemas de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en TELLUS V4.0.17.0 y anteriores y TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2023-47580", "lastModified": "2024-08-14T19:35:12.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-11-15T06:15:28.030", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU93840158/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}