Login Sign Up

CVE-2023-32538

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A stack-based buffer overflow vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 allows attackers to execute arbitrary code or disclose information by tricking users into opening malicious SIM2 files. This affects industrial control systems using these specific versions of Fuji Electric's TELLUS software. The vulnerability is distinct from similar CVEs affecting the same software.

💻 Affected Systems

Products:
  • TELLUS
  • TELLUS Lite
Versions: v4.0.15.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where users open SIM2 files from untrusted sources. Industrial control systems in manufacturing/energy sectors are primary targets.

📦 What is this software?

Tellus by Fujielectric

View all CVEs affecting Tellus →

Tellus Lite by Fujielectric

View all CVEs affecting Tellus Lite →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with remote code execution leading to industrial process disruption, data theft, or ransomware deployment on affected systems.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to industrial control systems and potential manipulation of monitoring data.

🟢

If Mitigated

Limited impact with proper network segmentation and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: HIGH with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file). No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.0.16.0 or later

Vendor Advisory: https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php

Restart Required: Yes

Instructions:

1. Download updated version from Fuji Electric's website. 2. Backup configuration files. 3. Install update following vendor instructions. 4. Restart system. 5. Verify version update.

🔧 Temporary Workarounds

Restrict SIM2 file handling

windows

Block or restrict opening of SIM2 files from untrusted sources

User awareness training

all

Train operators to only open SIM2 files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized executables
  • Network segmentation to isolate TELLUS systems from general network

🔍 How to Verify

Check if Vulnerable:

Check TELLUS version in application Help > About menu

Check Version:

Not applicable - check through application GUI

Verify Fix Applied:

Verify version is v4.0.16.0 or later in Help > About menu

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes
  • Unusual file access patterns for SIM2 files
  • Failed application updates

Network Indicators:

  • Unusual outbound connections from TELLUS systems
  • File transfers to/from TELLUS systems

SIEM Query:

Process:TELLUS.exe AND (EventID:1000 OR EventID:1001) OR FileExtension:.sim2 AND SourceIP:External

📊 Metadata

CVE ID: CVE-2023-32538
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: June 19, 2023
Last Updated: December 23, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-32538, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)