OTPulse
FeedAboutContact

Fuji Electric Tellus Lite V-Simulator

Plan Patch7.8ICS-CERT ICSA-23-325-02Nov 21, 2023
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Fuji Electric Tellus Lite V-Simulator contains buffer overflow and access control vulnerabilities (CWE-121, CWE-787, CWE-284) that could allow local code execution, device crash, or file overwrite on affected versions prior to 4.0.19.0.

What this means
What could happen
An attacker with local access to a workstation running Tellus Lite V-Simulator could execute arbitrary code on the device, crash the simulator, or modify simulation files—potentially affecting control system testing and validation workflows.
Who's at risk
Energy sector organizations using Fuji Electric Tellus Lite V-Simulator on engineering or testing workstations should be aware that versions before 4.0.19.0 are vulnerable. This affects control system engineers and IT staff who use this simulator for PLC programming, testing, and validation.
How it could be exploited
An attacker would need local access to a machine running Tellus Lite V-Simulator and could trigger the buffer overflow vulnerability through interaction with the simulator application (e.g., by supplying malformed input or opening a specially crafted file), leading to code execution or crash.
Prerequisites
  • Local access to the workstation running Tellus Lite V-Simulator
  • Ability to interact with the simulator application or open files it processes
  • Vulnerable version prior to 4.0.19.0 installed
low complexity exploitationno authentication required for local accessaffects control system engineering toolsno patch available for versions before 4.0.19.0
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
Tellus Lite V-Simulator: <V4.0.19.0<V4.0.19.04.0.19.0
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict local access to workstations running Tellus Lite V-Simulator to authorized engineering staff only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Tellus Lite V-Simulator to version 4.0.19.0 or later
Long-term hardening
0/2
HARDENINGIsolate engineering workstations running Tellus Lite V-Simulator from internet-connected networks
HARDENINGImplement endpoint security controls (antivirus, file integrity monitoring) on workstations running the simulator
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/4192297a-b49b-435f-a813-3993cf0cbda5
Fuji Electric Tellus Lite V-Simulator | CVSS 7.8 - OTPulse