CVE-2023-32276

7.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 allows attackers to execute arbitrary code or disclose information by tricking users into opening specially crafted V8 files. This affects industrial control system operators using these specific versions of Fuji Electric's TELLUS software for monitoring and control applications.

💻 Affected Systems

Products:
  • TELLUS
  • TELLUS Lite
Versions: v4.0.15.0
Operating Systems: Windows (based on typical TELLUS deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 4.0.15.0 is affected; exploitation requires a user to open a malicious file in the V8 format used by TELLUS software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with remote code execution leading to industrial process disruption, data theft, or lateral movement within operational technology networks.

🟠 Likely Case

Local privilege escalation or denial of service on affected systems when users open malicious V8 files, potentially disrupting monitoring operations.

🟢 If Mitigated

Limited impact with proper network segmentation and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW - Requires user interaction with malicious files, typically not directly internet-exposed.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised shares to execute malicious V8 files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open a malicious file; exploiting the buffer overflow requires specific knowledge of the TELLUS V8 file format.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to a version later than v4.0.15.0

Vendor Advisory: https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php

Restart Required: Yes

Instructions:

1. Download the latest TELLUS/TELLUS Lite version from Fuji Electric's website.
2. Back up existing configurations.
3. Install the updated version.
4. Restart the system.
5. Verify the version update.

🔧 Temporary Workarounds

Restrict V8 file handling (Windows)

Block or restrict opening of .v8 files from untrusted sources

User awareness training (all platforms)

Train users not to open V8 files from unknown sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized V8 file execution
  • Network segmentation to isolate TELLUS systems from general user networks

🔍 How to Verify

Check if Vulnerable:

Check the TELLUS/TELLUS Lite version in the application's About dialog or in the installation directory

Check Version:

Check the application properties or the About dialog in the TELLUS software

Verify Fix Applied:

Confirm the version is no longer v4.0.15.0 after the update

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening V8 files
  • Unusual process execution from TELLUS

Network Indicators:

  • Unexpected file transfers of V8 files to TELLUS systems

SIEM Query:

Process creation where parent process contains 'TELLUS' and command line contains .v8 file extension
