CVE-2023-5299
📋 TL;DR
A standard user account in Fuji Electric Tellus Lite can overwrite system files due to improper access control. This affects organizations using vulnerable versions of Tellus Lite software, potentially allowing privilege escalation or system disruption.
💻 Affected Systems
- Fuji Electric Tellus Lite
⚠️ Risk & Real-World Impact
Worst Case
An attacker could overwrite critical system files, leading to complete system compromise, denial of service, or installation of persistent malware.
Likely Case
Standard users could gain unauthorized privileges, modify application configurations, or disrupt normal operations.
If Mitigated
With proper access controls and monitoring, impact would be limited to isolated file modifications with minimal system-wide effects.
🎯 Exploit Status
Requires standard user credentials, but exploitation is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V8.0.1.0
Vendor Advisory: https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
Restart Required: Yes
Instructions:
1. Download Tellus Lite V8.0.1.0 from Fuji Electric support portal.
2. Backup current configuration and data.
3. Install the update following vendor instructions.
4. Restart the system.
🔧 Temporary Workarounds
Restrict user permissions
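Windows: Apply strict file system permissions to limit standard user write access to system directories
icacls "C:\Program Files\Tellus Lite" /deny "Domain\Users":(OI)(CI)W
An explicit deny entry takes precedence over allow entries, so it also applies to administrators who are members of the named group. Replace "Domain\Users" with the group that holds your standard users, and adjust the path to the actual install directory.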
Implement application whitelisting
Windows: Use Windows AppLocker or similar to restrict which applications standard users can execute
🧯 If You Can't Patch
- Implement least privilege access controls and regularly audit user permissions
- Monitor file system changes in Tellus Lite directories and alert on unauthorized modifications
🔍 How to Verify
Check if Vulnerable:
Check Tellus Lite version in Help > About menu or examine installed programs in Windows Control Panel
Check Version:
wmic product where "name like '%Tellus Lite%'" get version
Verify Fix Applied:
Confirm version is V8.0.1.0 or later and test that standard users cannot write to system directories
📡 Detection & Monitoring
Log Indicators:
- Windows Security Event Logs showing file write operations by standard users in system directories
- Tellus Lite application logs showing unexpected file modifications
Network Indicators:
- Unusual network connections from Tellus Lite system following file modifications
SIEM Query:
EventID=4663 AND ObjectName LIKE '%Tellus Lite%' AND SubjectUserName NOT IN ('Administrator', 'SYSTEM')
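An added example, not part of the original advisory or vendor guidance: the SIEM query above matches every 4663 event on the path, including reads, and excludes accounts by name. This Python filter applies the same path match to exported events, keeps only write-type access masks, and excludes LocalSystem and the built-in Administrator by SID. The sample events, SIDs, user names and file name are constructed.

```python
# Added example: triage exported Event ID 4663 records for write-type access
# under the Tellus Lite directory. Sample events, SIDs and file names are constructed.

WRITE_BITS = {                     # file access rights that change content, ACLs or owner
    0x2: "WriteData",
    0x4: "AppendData",
    0x10000: "DELETE",
    0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER",
}
PATH_FRAGMENT = "tellus lite"      # same substring match as the SIEM query
LOCAL_SYSTEM_SID = "S-1-5-18"


def is_trusted(sid):
    """LocalSystem, or the built-in Administrator account (RID 500)."""
    return sid == LOCAL_SYSTEM_SID or (sid.startswith("S-1-5-21-") and sid.endswith("-500"))


def write_rights(access_mask):
    """Decode the hex AccessMask field into the write-type rights it contains."""
    mask = int(access_mask, 16)
    return [name for bit, name in WRITE_BITS.items() if mask & bit]


def suspicious_writes(events):
    """Return (user, object, rights) for non-trusted write access to the target path."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if PATH_FRAGMENT not in ev.get("ObjectName", "").lower():
            continue
        rights = write_rights(ev.get("AccessMask", "0x0"))
        if rights and not is_trusted(ev.get("SubjectUserSid", "")):
            hits.append((ev.get("SubjectUserName"), ev["ObjectName"], rights))
    return hits


def event(user, sid, obj, mask):
    """Build one constructed 4663 record with the fields the filter reads."""
    return {"EventID": 4663, "SubjectUserName": user, "SubjectUserSid": sid,
            "ObjectName": obj, "AccessMask": mask}


DOM = "S-1-5-21-1111111111-2222222222-3333333333"      # constructed domain SID
TARGET = r"C:\Program Files\Tellus Lite\example.bin"   # constructed file name
SAMPLE_EVENTS = [
    event("operator1", DOM + "-1105", TARGET, "0x2"),       # standard user write
    event("operator1", DOM + "-1105", TARGET, "0x1"),       # read only, ignored
    event("HMI01$", LOCAL_SYSTEM_SID, TARGET, "0x6"),       # LocalSystem, ignored
    event("Administrator", DOM + "-500", TARGET, "0x2"),    # built-in admin, ignored
    event("operator2", DOM + "-1106", r"C:\Users\operator2\notes.txt", "0x2"),
    event("operator2", DOM + "-1106", TARGET, "0x10000"),   # standard user delete
]
```

Events of this type are only generated when object access auditing is enabled and an audit entry (SACL) is set on the directory.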
🔗 References
- https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02