Lucene search

IcscertCVELIST:CVE-2023-5299

HistoryNov 22, 2023 - 12:41 a.m.

CVE-2023-5299 Fuji Electric Tellus Lite V-Simulator Improper Access Control

2023-11-2200:41:18

CWE-284

icscert

www.cve.org

cve-2023-5299

fuji electric

tellus lite

v-simulator

improper access control

file overwrite

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Tellus Lite V-Simulator",
    "vendor": "Fuji Electric",
    "versions": [
      {
        "lessThan": "4.0.19.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a

www.cisa.gov/news-events/ics-advisories/icsa-23-325-02

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Related for CVELIST:CVE-2023-5299