PT-2023-6871 · Unknown · Tellus Simulator
Michael Heinzl · Published 2023-11-10 · Updated 2023-11-22 · CVE-2023-47583
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TELLUS Simulator versions 4.0.17.0 and earlier
Description
TELLUS Simulator is affected by out-of-bounds read vulnerabilities. If a user opens a specially crafted file, such as an X1 or V9 file, information may be disclosed and/or arbitrary code may be executed. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code using a specially crafted file.
Recommendations
For TELLUS Simulator versions 4.0.17.0 and earlier, avoid opening X1 or V9 files that may have been specially crafted until a patch is available. As a temporary workaround, restrict access to files that could potentially exploit this issue to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Tellus Simulator