CVE-2021-22653 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2021-22653?

CVE-2021-22653 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code on affected systems by crafting malicious project files that trigger out-of-bounds writes. It affects Tellus Lite V-Simulator and V-Server Lite software versions prior to 4.0.10.0, potentially compromising industrial control systems.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on affected systems by crafting malicious project files that trigger out-of-bounds writes. It affects Tellus Lite V-Simulator and V-Server Lite software versions prior to 4.0.10.0, potentially compromising industrial control systems.

💻 Affected Systems

Products:

Tellus Lite V-Simulator
Tellus Lite V-Server Lite

Versions: All versions prior to 4.0.10.0

Operating Systems: Windows (based on typical ICS software deployment)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems that process project files, which is core functionality of these industrial simulation and server applications.

📦 What is this software?

V Server by Fujielectric

View all CVEs affecting V Server →

V Simulator by Fujielectric

View all CVEs affecting V Simulator →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attacker to execute arbitrary code, disrupt industrial processes, steal sensitive data, or pivot to other network systems.

🟠

Likely Case

Local privilege escalation or remote code execution when malicious project files are loaded, potentially disrupting industrial operations.

🟢

If Mitigated

Limited impact with proper network segmentation and file validation controls in place.

🌐 Internet-Facing: MEDIUM - Risk exists if systems are internet-facing and accept project files from untrusted sources.

🏢 Internal Only: HIGH - Industrial control systems often process project files from various sources internally, creating significant attack surface.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires the victim to load a malicious project file, which could be delivered via social engineering or compromised project repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.10.0

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01

Restart Required: Yes

Instructions:

1. Download version 4.0.10.0 or later from the vendor. 2. Backup existing configurations and project files. 3. Install the update following vendor instructions. 4. Restart the application and verify functionality.

🔧 Temporary Workarounds

Restrict project file sources

all

Only load project files from trusted, verified sources and implement file validation procedures.

Network segmentation

all

Isolate affected systems from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

Implement strict access controls to prevent untrusted users from loading project files
Deploy application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check software version in application settings or About dialog. If version is below 4.0.10.0, system is vulnerable.

Check Version:

Check application GUI or documentation for version information (no standard CLI command available)

Verify Fix Applied:

Verify version is 4.0.10.0 or higher and test loading of legitimate project files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

Failed project file loads
Unexpected application crashes
Suspicious process creation after file load

Network Indicators:

Unexpected network connections from Tellus processes
File transfers to/from Tellus systems

SIEM Query:

Process creation where parent process contains 'Tellus' AND (command line contains '.prj' OR file path contains project files)

📊 Metadata

CVE ID: CVE-2021-22653

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: January 27, 2021

Last Updated: November 21, 2024

🔗 References

https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01 Third Party Advisory,US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22653, you might also want to check these: