Headline
CVE-2023-47586: Improvement information | Hakko Electronics Co., Ltd.
Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
The latest TELLUS and V-Server Improvement information
Improvement information Improvement information list
TELLUS
Ver.4.0.17.0 → Ver.4.0.19.0
Date of Release
2023/11/2
No.
Item
Description
Altered
Ver.
23B0Q01
Communication error
Fixed the defect: When [Comm. Error Handling] is set to [Stop] and a communication error occurs, clicking [Retry] may cause TELLUS to forcibly terminate or freeze.
23B0Q02
Interval timer macro command
Fixed the defect: When the interval timer macro command is constantly running at a cycle of 100 msec or lower, TELLUS may freeze at a rare timing.
23B0Q03
Improvement of vulnerability
Fixed the defect: When a corrupted screen program is opened using TELLUS Ver. 4, the Tellus4.exe file and simulator (VS6Sim.exe) are terminated due to an error.
(Observed vulnerability of TELLUS Ver. 4: JVNVU#93840158)
V-Server
Ver.4.0.18.0 → Ver.4.0.19.0
Date of Release
2023/11/2
No.
Item
Description
Altered
Ver.
23B0S01
Loading recipes
Fixed the defect: V-Server may be forcibly terminated if loading of a recipe is executed.
23B0S02
Improvement of vulnerability
Fixed the defect: When a corrupted screen program is opened using V-Server Ver. 4, the Vserver.exe file is terminated due to an error.
(Observed vulnerability of V-Server Ver. 4: JVNVU#93840158)