CVE-2023-47582

2023-11-1505:41:09

jpcert

www.cve.org

cve-2023-47582

uninitialized pointer

tellus v4.0.17.0

tellus lite v4.0.17.0

specially crafted file

information disclosure

arbitrary code execution

0.001 Low

EPSS

Percentile

19.8%

JSON

Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

CNA Affected

[
  {
    "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
    "product": "TELLUS",
    "versions": [
      {
        "version": "V4.0.17.0 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
    "product": "TELLUS Lite",
    "versions": [
      {
        "version": "V4.0.17.0 and earlier",
        "status": "affected"
      }
    ]
  }
]