JVNDB-2023-001304

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview

Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.

* Out-of-bounds read (CWE-125) - CVE-2023-22419, CVE-2023-22421
* Use-after-free (CWE-416) - CVE-2023-22424

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-22419


CVSS V3 Severity:
Base Metrics: 7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-22421


CVSS V3 Severity:
Base Metrics: 7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-22424

Affected Products

JTEKT ELECTRONICS CORPORATION
  • Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier

Impact

Opening a specially crafted project file may result in information disclosure and/or arbitrary code execution.

CVE-2023-22419
When processing a comment block in stage information, the end of data cannot be verified, and an out-of-bounds read occurs.

CVE-2023-22421
An insufficient buffer size for the PLC program instructions leads to an out-of-bounds read.

CVE-2023-22424
When an abnormal value is given as the maximum number of columns for the PLC program, the process accesses freed memory.

Solution

[Update the software]
Update Kostac PLC Programming Software to the latest version according to the information provided by the developer.
The developer released the following versions that contain fixes for these vulnerabilities.

* Kostac PLC Programming Software Version 1.6.10.0 and above

The latest update can be obtained from the developer's website listed below.

* PLC - Download | JTEKT ELECTRONICS CORPORATION

Vendor Information

JTEKT ELECTRONICS CORPORATION

CWE

  1. Out-of-bounds Read (CWE-125) [Other]
  2. Use After Free (CWE-416) [Other]

CVE

  1. CVE-2023-22419
  2. CVE-2023-22421
  3. CVE-2023-22424

References

  1. JVN : JVNVU#94966432
  2. ICS-CERT ADVISORY : ICSA-23-096-03

Revision History

  • [2023/03/06]
      Web page was published
  • [2023/04/10]
      References : Content was added