Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to KEYENCE CORPORATION. - VT STUDIO

jvndb-2024-003050

Vulnerability from jvndb

Published

2024-04-01 14:44

Modified

2024-04-01 14:44

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries

Details

VT STUDIO provided by KEYENCE CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427, CVE-2024-28099). KEYENCE CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU92825069/index.html
	JVN	https://jvn.jp/en/ta/JVNTA91240916/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-28099
	Uncontrolled Search Path Element(CWE-427)	https://cwe.mitre.org/data/definitions/427.html

Impacted products

▼	Vendor	Product
	KEYENCE CORPORATION.	VT STUDIO

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003050.html",
  "dc:date": "2024-04-01T14:44+09:00",
  "dcterms:issued": "2024-04-01T14:44+09:00",
  "dcterms:modified": "2024-04-01T14:44+09:00",
  "description": "VT STUDIO provided by KEYENCE CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427, CVE-2024-28099).\r\n\r\nKEYENCE CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003050.html",
  "sec:cpe": {
    "#text": "cpe:/a:keyence:keyence_vt_studio",
    "@product": "VT STUDIO",
    "@vendor": "KEYENCE CORPORATION.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003050",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92825069/index.html",
      "@id": "JVNVU#92825069",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28099",
      "@id": "CVE-2024-28099",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/427.html",
      "@id": "CWE-427",
      "@title": "Uncontrolled Search Path Element(CWE-427)"
    }
  ],
  "title": "KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries"
}