CVE-2023-47580 – This vulnerability involves multiple buffer ove... (How to Fix)

Q: What is the severity of CVE-2023-47580?

CVE-2023-47580 has a CVSS score of 7.8 (HIGH). This vulnerability involves multiple buffer overflow issues in TELLUS and TELLUS Lite software versions up to V4.0.17.0. Attackers can exploit these flaws by tricking users into opening specially crafted X1, V8, or V9 files, potentially leading to information disclosure or remote code execution. Organizations using affected TELLUS versions for industrial control or monitoring systems are at risk.

📋 TL;DR

This vulnerability involves multiple buffer overflow issues in TELLUS and TELLUS Lite software versions up to V4.0.17.0. Attackers can exploit these flaws by tricking users into opening specially crafted X1, V8, or V9 files, potentially leading to information disclosure or remote code execution. Organizations using affected TELLUS versions for industrial control or monitoring systems are at risk.

💻 Affected Systems

Products:

TELLUS
TELLUS Lite

Versions: V4.0.17.0 and earlier

Operating Systems: Windows (based on typical industrial software deployment)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers when opening specially crafted X1, V8, or V9 files. These are proprietary file formats used by TELLUS software.

📦 What is this software?

Tellus by Fujielectric

View all CVEs affecting Tellus →

Tellus Lite by Fujielectric

View all CVEs affecting Tellus Lite →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through arbitrary code execution, allowing attackers to steal sensitive data, disrupt industrial processes, or pivot to other network systems.

🟠

Likely Case

Information disclosure from memory buffers or limited code execution within the TELLUS application context, potentially exposing configuration data or causing application crashes.

🟢

If Mitigated

Application crash without code execution if memory protections are enabled, though information disclosure may still occur.

🌐 Internet-Facing: MEDIUM - Exploitation requires user interaction to open malicious files, but these could be delivered via email or web downloads.

🏢 Internal Only: HIGH - Industrial control systems often have trusted internal users who might inadvertently open malicious files shared internally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires social engineering to get users to open malicious files. No public exploit code is known, but buffer overflow vulnerabilities are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after V4.0.17.0

Vendor Advisory: https://hakko-elec.co.jp/site/download/03tellus_inf/index.php

Restart Required: Yes

Instructions:

1. Download latest TELLUS version from vendor website. 2. Backup existing configurations. 3. Install updated version. 4. Restart system and verify functionality.

🔧 Temporary Workarounds

Restrict file opening

windows

Configure TELLUS to only open files from trusted sources and disable automatic file opening features.

Application whitelisting

all

Implement application control to prevent execution of unauthorized TELLUS processes or file types.

🧯 If You Can't Patch

Implement strict user training about opening untrusted X1/V8/V9 files
Deploy endpoint protection with memory protection features enabled

🔍 How to Verify

Check if Vulnerable:

Check TELLUS version in Help > About menu. If version is V4.0.17.0 or earlier, system is vulnerable.

Check Version:

Check TELLUS application interface or registry: HKEY_LOCAL_MACHINE\SOFTWARE\TELLUS\Version

Verify Fix Applied:

Verify TELLUS version shows higher than V4.0.17.0 after update. Test file opening functionality with known good files.

📡 Detection & Monitoring

Log Indicators:

TELLUS application crashes
Unexpected file access to X1/V8/V9 extensions
Memory access violation events

Network Indicators:

Unusual outbound connections from TELLUS systems
File transfers of TELLUS proprietary formats

SIEM Query:

source="TELLUS" AND (event_type="crash" OR file_extension IN ("x1", "v8", "v9"))

📊 Metadata

CVE ID: CVE-2023-47580

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: November 15, 2023

Last Updated: November 21, 2024

🔗 References

https://hakko-elec.co.jp/site/download/03tellus_inf/index.php Vendor Advisory
https://jvn.jp/en/vu/JVNVU93840158/ Third Party Advisory
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php Vendor Advisory
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php Vendor Advisory
https://jvn.jp/en/vu/JVNVU93840158/ Third Party Advisory
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-47580, you might also want to check these: