From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2. Vulnerability ID: ZDI-24-1627, ZDI-CAN-24769 3. CVE ID: CVE-2024-11801 4. CVSS Score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 5. Affected Vendor: Fuji Electric 6. Affected Product: Tellus Lite 7. Vulnerability Details: - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Fuji Electric Tellus Lite installations. - User interaction is required, such as visiting a malicious page or opening a malicious file. - The issue lies in the V8 file parsing within the V-Simulator 5 component. Due to insufficient validation of user-supplied data, out-of-bounds writes to data structures occur. Attackers can leverage this to execute code within the context of the current process. 8. Additional Details: - On July 16, 2024, ZDI reported the vulnerability to the vendor. - On July 18, 2024, the vendor confirmed receipt of the report. - On March 21, 2024, the vendor acknowledged the reported issue and requested a delay until April 2025. - On October 7, 2024, ZDI notified the vendor that this case would be published as a 0-day disclosure. 9. Mitigation: Due to the nature of the vulnerability, the only mitigation strategy is to restrict interaction with the application. 10. Disclosure Timeline: - July 16, 2024: Vulnerability reported to vendor. - November 27, 2024: Coordinated public announcement. - November 27, 2024: Announcement updated. 11. Credit: kimiya