All the vulnerabilities related to JTEKT ELECTRONICS CORPORATION - Kostac PLC Programming Software
jvndb-2024-009667
Vulnerability from jvndb
Published
2024-10-03 13:42
Modified
2024-10-03 13:42
Severity: High (CVSS v3.0 base score 7.8, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
Details
Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains the multiple vulnerabilities listed below:

* Out-of-bounds write (CWE-787) - CVE-2024-47134
* Stack-based buffer overflow (CWE-121) - CVE-2024-47135
* Out-of-bounds read (CWE-125) - CVE-2024-47136

Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009667.html",
  "dc:date": "2024-10-03T13:42+09:00",
  "dcterms:issued": "2024-10-03T13:42+09:00",
  "dcterms:modified": "2024-10-03T13:42+09:00",
  "description": "Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n  * Out-of-bounds write (CWE-787) - CVE-2024-47134\r\n  * Stack-based buffer overflow (CWE-121) - CVE-2024-47135\r\n  * Out-of-bounds read (CWE-125) - CVE-2024-47136\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009667.html",
  "sec:cpe": {
    "#text": "cpe:/a:jtekt:kostac_plc",
    "@product": "Kostac PLC Programming Software",
    "@vendor": "JTEKT ELECTRONICS CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-009667",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92808077/index.html",
      "@id": "JVNVU#92808077",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47134",
      "@id": "CVE-2024-47134",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47135",
      "@id": "CVE-2024-47135",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47136",
      "@id": "CVE-2024-47136",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/121.html",
      "@id": "CWE-121",
      "@title": "Stack-based Buffer Overflow(CWE-121)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/787.html",
      "@id": "CWE-787",
      "@title": "Out-of-bounds Write(CWE-787)"
    }
  ],
  "title": "Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software"
}

jvndb-2023-001304
Vulnerability from jvndb
Published
2023-03-06 15:31
Modified
2024-06-07 16:39
Severity: High (CVSS v3.0 base score 7.8, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
Details
Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains the multiple vulnerabilities listed below:

* Out-of-bounds read (CWE-125) - CVE-2023-22419, CVE-2023-22421
* Use-after-free (CWE-416) - CVE-2023-22424

Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001304.html",
  "dc:date": "2024-06-07T16:39+09:00",
  "dcterms:issued": "2023-03-06T15:31+09:00",
  "dcterms:modified": "2024-06-07T16:39+09:00",
  "description": "Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n* Out-of-bounds read (CWE-125) - CVE-2023-22419, CVE-2023-22421\r\n* Use-after-free (CWE-416) - CVE-2023-22424\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001304.html",
  "sec:cpe": {
    "#text": "cpe:/a:jtekt:kostac_plc",
    "@product": "Kostac PLC Programming Software",
    "@vendor": "JTEKT ELECTRONICS CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-001304",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU94966432/index.html",
      "@id": "JVNVU#94966432",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22419",
      "@id": "CVE-2023-22419",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22421",
      "@id": "CVE-2023-22421",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22424",
      "@id": "CVE-2023-22424",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22419",
      "@id": "CVE-2023-22419",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22421",
      "@id": "CVE-2023-22421",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22424",
      "@id": "CVE-2023-22424",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-03",
      "@id": "ICSA-23-096-03",
      "@source": "ICS-CERT ADVISORY"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/416.html",
      "@id": "CWE-416",
      "@title": "Use After Free(CWE-416)"
    }
  ],
  "title": "Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software"
}

jvndb-2023-003592
Vulnerability from jvndb
Published
2023-09-13 15:02
Modified
2023-09-13 15:02
Severity: High (CVSS v3.0 base score 7.8, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
Details
Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains the multiple vulnerabilities listed below:

* Double free (CWE-415) - CVE-2023-41374
* Use-after-free (CWE-416) - CVE-2023-41375

Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003592.html",
  "dc:date": "2023-09-13T15:02+09:00",
  "dcterms:issued": "2023-09-13T15:02+09:00",
  "dcterms:modified": "2023-09-13T15:02+09:00",
  "description": "Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n  * Double free (CWE-415) - CVE-2023-41374\r\n\r\n  * Use-after-free (CWE-416) - CVE-2023-41375\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003592.html",
  "sec:cpe": {
    "#text": "cpe:/a:jtekt:kostac_plc",
    "@product": "Kostac PLC Programming Software",
    "@vendor": "JTEKT ELECTRONICS CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-003592",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU95282683/index.html",
      "@id": "JVNVU#95282683",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-41374",
      "@id": "CVE-2023-41374",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-41375",
      "@id": "CVE-2023-41375",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41374",
      "@id": "CVE-2023-41374",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41375",
      "@id": "CVE-2023-41375",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/415.html",
      "@id": "CWE-415",
      "@title": "Double Free(CWE-415)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/416.html",
      "@id": "CWE-416",
      "@title": "Use After Free(CWE-416)"
    }
  ],
  "title": "Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software"
}

cve-2023-41375
Vulnerability from cvelistv5
Published
2023-09-20 08:49
Modified
2024-09-24 19:08
Severity ?
Summary
A use-after-free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0 (the record's affected-versions field below lists "Version 1.6.11.0 and earlier"). Because the issue lies in the parsing of KPP project files, arbitrary code may be executed if a user opens a specially crafted project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 or earlier. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 and later implement a function that prevents project file alteration. Therefore, to mitigate the impact of these vulnerabilities, any project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 or earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:01:35.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T19:08:39.384387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T19:08:52.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kostac PLC Programming Software",
          "vendor": "JTEKT ELECTRONICS CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Version 1.6.11.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-20T08:49:10.486Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-41375",
    "datePublished": "2023-09-20T08:49:10.486Z",
    "dateReserved": "2023-08-29T07:40:00.504Z",
    "dateUpdated": "2024-09-24T19:08:52.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41374
Vulnerability from cvelistv5
Published
2023-09-20 08:49
Modified
2024-09-24 19:06
Severity ?
Summary
A double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Because the issue lies in the parsing of KPP project files, arbitrary code may be executed if a user opens a specially crafted project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 or earlier. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 and later implement a function that prevents project file alteration. Therefore, to mitigate the impact of these vulnerabilities, any project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 or earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:01:35.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41374",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T19:06:27.052742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T19:06:38.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kostac PLC Programming Software",
          "vendor": "JTEKT ELECTRONICS CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Version 1.6.11.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Double free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-20T08:49:30.632Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-41374",
    "datePublished": "2023-09-20T08:49:30.632Z",
    "dateReserved": "2023-08-29T07:40:00.504Z",
    "dateUpdated": "2024-09-24T19:06:38.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}