All the vulnerabilites related to JTEKT ELECTRONICS CORPORATION - Screen Creator Advance 2
cve-2023-22347
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22347",
"datePublished": "2023-02-13T00:00:00",
"dateReserved": "2022-12-28T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22346
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22346",
"datePublished": "2023-02-13T00:00:00",
"dateReserved": "2022-12-28T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25755
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303315311/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99710864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01A and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of operations within the bounds of a memory Buffer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303315311/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99710864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-25755",
"datePublished": "2023-04-11T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22360
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22360",
"datePublished": "2023-02-13T00:00:00",
"dateReserved": "2022-12-28T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22353
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22353",
"datePublished": "2023-02-13T00:00:00",
"dateReserved": "2022-12-28T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22345
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22345",
"datePublished": "2023-02-13T00:00:00",
"dateReserved": "2022-12-28T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22349
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22349",
"datePublished": "2023-02-13T00:00:00",
"dateReserved": "2022-12-28T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22350
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22350",
"datePublished": "2023-02-13T00:00:00",
"dateReserved": "2022-12-28T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2023-001402
Vulnerability from jvndb
Published
2023-04-03 16:24
Modified
2024-06-04 17:15
Severity ?
Summary
JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer
Details
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file.
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001402.html",
"dc:date": "2024-06-04T17:15+09:00",
"dcterms:issued": "2023-04-03T16:24+09:00",
"dcterms:modified": "2024-06-04T17:15+09:00",
"description": "Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file.\r\n\r\nMichael Heinzl reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001402.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:screen_creator_advance_2",
"@product": "Screen Creator Advance 2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001402",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99710864/index.html",
"@id": "JVNVU#99710864",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25755",
"@id": "CVE-2023-25755",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25755",
"@id": "CVE-2023-25755",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer"
}
jvndb-2023-001212
Vulnerability from jvndb
Published
2023-02-08 12:46
Modified
2024-06-10 17:25
Severity ?
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2
Details
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.
* Out-of-bound write (CWE-787) - CVE-2023-22345
* Out-of-bound read (CWE-125) - CVE-2023-22346, CVE-2023-22347, CVE-2023-22349, CVE-2023-22350, CVE-2023-22353
* Use-after-free (CWE-416) - CVE-2023-22360
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001212.html",
"dc:date": "2024-06-10T17:25+09:00",
"dcterms:issued": "2023-02-08T12:46+09:00",
"dcterms:modified": "2024-06-10T17:25+09:00",
"description": "Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n * Out-of-bound write (CWE-787) - CVE-2023-22345\r\n * Out-of-bound read (CWE-125) - CVE-2023-22346, CVE-2023-22347, CVE-2023-22349, CVE-2023-22350, CVE-2023-22353\r\n * Use-after-free (CWE-416) - CVE-2023-22360\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001212.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:screen_creator_advance_2",
"@product": "Screen Creator Advance 2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001212",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98917488/",
"@id": "JVNVU#98917488",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22345",
"@id": "CVE-2023-22345",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22346",
"@id": "CVE-2023-22346",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22347",
"@id": "CVE-2023-22347",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22349",
"@id": "CVE-2023-22349",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22350",
"@id": "CVE-2023-22350",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22353",
"@id": "CVE-2023-22353",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22360",
"@id": "CVE-2023-22360",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22345",
"@id": "CVE-2023-22345",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22346",
"@id": "CVE-2023-22346",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22347",
"@id": "CVE-2023-22347",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22349",
"@id": "CVE-2023-22349",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22350",
"@id": "CVE-2023-22350",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22353",
"@id": "CVE-2023-22353",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22360",
"@id": "CVE-2023-22360",
"@source": "NVD"
},
{
"#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-02",
"@id": "ICSA-23-096-02",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/416.html",
"@id": "CWE-416",
"@title": "Use After Free(CWE-416)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2"
}
jvndb-2022-000029
Vulnerability from jvndb
Published
2022-05-09 14:43
Modified
2024-06-19 16:03
Severity ?
Summary
KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
Details
Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS's HMI.
Screen Creator Advance2 contains an authentication bypass vulnerability (CWE-807) due to the improper check for the Remote control setting's account names.
KOYO ELECTRONICS INDUSTRIES CO., LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and KOYO ELECTRONICS INDUSTRIES CO., LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000029.html",
"dc:date": "2024-06-19T16:03+09:00",
"dcterms:issued": "2022-05-09T14:43+09:00",
"dcterms:modified": "2024-06-19T16:03+09:00",
"description": "Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS\u0027s HMI.\r\nScreen Creator Advance2 contains an authentication bypass vulnerability (CWE-807) due to the improper check for the Remote control setting\u0027s account names.\r\n\r\nKOYO ELECTRONICS INDUSTRIES CO., LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and KOYO ELECTRONICS INDUSTRIES CO., LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000029.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:screen_creator_advance_2",
"@product": "Screen Creator Advance 2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.1",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000029",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50337155/index.html",
"@id": "JVN#50337155",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-29518",
"@id": "CVE-2022-29518",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29518",
"@id": "CVE-2022-29518",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass"
}