Login Sign Up

CVE-2023-47586

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or disclose sensitive information by tricking users into opening malicious VPR files. It affects V-Server and V-Server Lite software versions up to V4.0.18.0. Users of these industrial automation software products are at risk.

💻 Affected Systems

Products:
  • V-Server
  • V-Server Lite
Versions: V4.0.18.0 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both full V-Server and V-Server Lite editions. Requires user interaction to open malicious VPR files.

📦 What is this software?

V Server by Fujielectric

View all CVEs affecting V Server →

V Server by Fujielectric

View all CVEs affecting V Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with remote code execution leading to data theft, system manipulation, or lateral movement within industrial control networks.

🟠

Likely Case

Local privilege escalation or data exfiltration from the affected system, potentially disrupting industrial processes.

🟢

If Mitigated

Limited impact if file execution is restricted through application whitelisting and user awareness training prevents opening untrusted files.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.0.19.0 or later

Vendor Advisory: https://hakko-elec.co.jp/site/download/03tellus_inf/index.php

Restart Required: Yes

Instructions:

1. Download updated version from vendor website. 2. Backup configuration files. 3. Uninstall current version. 4. Install updated version. 5. Restore configuration files. 6. Restart system.

🔧 Temporary Workarounds

Restrict VPR file execution

windows

Configure application control policies to prevent execution of VPR files from untrusted sources.

Use Windows AppLocker or similar to block VPR file execution

User awareness training

all

Train users to only open VPR files from trusted sources and verify file integrity.

🧯 If You Can't Patch

  • Implement strict application whitelisting to prevent unauthorized VPR file execution
  • Isolate affected systems from critical networks and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check Help > About in V-Server application to see if version is V4.0.18.0 or earlier.

Check Version:

Check application version in Help > About menu within V-Server software

Verify Fix Applied:

Verify installed version is V4.0.19.0 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected VPR file access events
  • Process creation from V-Server with unusual parameters
  • Memory access violations in application logs

Network Indicators:

  • Unusual outbound connections from V-Server process
  • File transfers involving VPR files from untrusted sources

SIEM Query:

Process Creation where Image contains 'V-Server' and CommandLine contains '.vpr'

📊 Metadata

CVE ID: CVE-2023-47586
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: November 15, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-47586, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)