CVE-2024-11799: CWE-121: Stack-based Buffer Overflow in Fuji Electric Tellus Lite
CVE-2024-11799 is a high-severity stack-based buffer overflow vulnerability in Fuji Electric Tellus Lite V-Simulator 5 version 4. 0. 20. 0. It arises from improper validation of user-supplied data length when parsing V8 files, allowing remote attackers to execute arbitrary code. Exploitation requires user interaction, such as opening a malicious file or visiting a crafted webpage. The vulnerability enables code execution with the privileges of the current process, potentially compromising confidentiality, integrity, and availability. No known exploits are currently in the wild, but the impact could be severe if leveraged. The vulnerability is tracked as CWE-121 and was assigned by ZDI as ZDI-CAN-24664. Organizations using this software should prioritize patching or mitigating this flaw to prevent remote code execution attacks.
AI Analysis
Technical Summary
CVE-2024-11799 is a stack-based buffer overflow vulnerability found in Fuji Electric Tellus Lite V-Simulator 5, specifically version 4.0.20.0. The flaw exists in the component responsible for parsing V8 files, where the software fails to properly validate the length of user-supplied data before copying it into a fixed-length buffer on the stack. This lack of bounds checking allows an attacker to overflow the buffer, overwriting adjacent memory and enabling arbitrary code execution within the context of the vulnerable process. Exploitation requires user interaction, such as opening a maliciously crafted V8 file or visiting a malicious webpage that triggers the vulnerable parsing routine. The vulnerability is classified under CWE-121 (stack-based buffer overflow) and carries a CVSS v3.0 score of 7.8, indicating high severity. The attack vector is local (AV:L) but requires low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). Successful exploitation compromises confidentiality, integrity, and availability of the affected system. While no public exploits are known at this time, the vulnerability poses a significant risk to environments running the affected Fuji Electric Tellus Lite version. The vulnerability was reported and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-24664.
Potential Impact
The vulnerability allows remote attackers to execute arbitrary code with the privileges of the affected process, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, modification or destruction of critical information, and disruption of industrial control processes managed by Fuji Electric Tellus Lite. Given the software’s role in industrial automation and control, exploitation could have severe operational impacts, including downtime, safety hazards, and financial losses. The requirement for user interaction limits mass exploitation but targeted attacks against industrial environments remain a serious concern. Organizations relying on this software for critical infrastructure or manufacturing processes face elevated risks of espionage, sabotage, or ransomware attacks leveraging this vulnerability.
Mitigation Recommendations
Since no official patches are currently available, organizations should implement the following mitigations: 1) Restrict access to Fuji Electric Tellus Lite systems and limit user privileges to reduce the impact of potential exploitation. 2) Employ network segmentation to isolate vulnerable systems from untrusted networks and reduce exposure. 3) Educate users to avoid opening untrusted V8 files or visiting suspicious websites that could trigger the vulnerability. 4) Monitor logs and network traffic for unusual activity indicative of exploitation attempts. 5) Use application whitelisting and endpoint protection solutions capable of detecting anomalous behavior or code execution. 6) Engage with Fuji Electric for timely updates and apply patches immediately once released. 7) Consider deploying virtual patching or intrusion prevention systems to block exploit attempts targeting this vulnerability.
Affected Countries
Japan, United States, Germany, South Korea, China, France, United Kingdom, Italy, Canada, Australia
CVE-2024-11799: CWE-121: Stack-based Buffer Overflow in Fuji Electric Tellus Lite
Description
CVE-2024-11799 is a high-severity stack-based buffer overflow vulnerability in Fuji Electric Tellus Lite V-Simulator 5 version 4. 0. 20. 0. It arises from improper validation of user-supplied data length when parsing V8 files, allowing remote attackers to execute arbitrary code. Exploitation requires user interaction, such as opening a malicious file or visiting a crafted webpage. The vulnerability enables code execution with the privileges of the current process, potentially compromising confidentiality, integrity, and availability. No known exploits are currently in the wild, but the impact could be severe if leveraged. The vulnerability is tracked as CWE-121 and was assigned by ZDI as ZDI-CAN-24664. Organizations using this software should prioritize patching or mitigating this flaw to prevent remote code execution attacks.
AI-Powered Analysis
Technical Analysis
CVE-2024-11799 is a stack-based buffer overflow vulnerability found in Fuji Electric Tellus Lite V-Simulator 5, specifically version 4.0.20.0. The flaw exists in the component responsible for parsing V8 files, where the software fails to properly validate the length of user-supplied data before copying it into a fixed-length buffer on the stack. This lack of bounds checking allows an attacker to overflow the buffer, overwriting adjacent memory and enabling arbitrary code execution within the context of the vulnerable process. Exploitation requires user interaction, such as opening a maliciously crafted V8 file or visiting a malicious webpage that triggers the vulnerable parsing routine. The vulnerability is classified under CWE-121 (stack-based buffer overflow) and carries a CVSS v3.0 score of 7.8, indicating high severity. The attack vector is local (AV:L) but requires low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). Successful exploitation compromises confidentiality, integrity, and availability of the affected system. While no public exploits are known at this time, the vulnerability poses a significant risk to environments running the affected Fuji Electric Tellus Lite version. The vulnerability was reported and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-24664.
Potential Impact
The vulnerability allows remote attackers to execute arbitrary code with the privileges of the affected process, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, modification or destruction of critical information, and disruption of industrial control processes managed by Fuji Electric Tellus Lite. Given the software’s role in industrial automation and control, exploitation could have severe operational impacts, including downtime, safety hazards, and financial losses. The requirement for user interaction limits mass exploitation but targeted attacks against industrial environments remain a serious concern. Organizations relying on this software for critical infrastructure or manufacturing processes face elevated risks of espionage, sabotage, or ransomware attacks leveraging this vulnerability.
Mitigation Recommendations
Since no official patches are currently available, organizations should implement the following mitigations: 1) Restrict access to Fuji Electric Tellus Lite systems and limit user privileges to reduce the impact of potential exploitation. 2) Employ network segmentation to isolate vulnerable systems from untrusted networks and reduce exposure. 3) Educate users to avoid opening untrusted V8 files or visiting suspicious websites that could trigger the vulnerability. 4) Monitor logs and network traffic for unusual activity indicative of exploitation attempts. 5) Use application whitelisting and endpoint protection solutions capable of detecting anomalous behavior or code execution. 6) Engage with Fuji Electric for timely updates and apply patches immediately once released. 7) Consider deploying virtual patching or intrusion prevention systems to block exploit attempts targeting this vulnerability.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2024-11-26T16:02:30.077Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 699f6e1fb7ef31ef0b5965bc
Added to database: 2/25/2026, 9:48:15 PM
Last enriched: 2/26/2026, 5:41:18 AM
Last updated: 2/26/2026, 7:16:55 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumCVE-2026-2499: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tgrk Custom Logo
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.