JVNDB-2023-003788

Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER

Overview

KV STUDIO and KV REPLAY VIEWER provided by KEYENCE CORPORATION contain an out-of-bounds read vulnerability (CWE-125, CVE-2023-42138).

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products


KEYENCE CORPORATION.
  • KV REPLAY VIEWER Ver. 2.62 and earlier
  • KV STUDIO Ver. 11.62 and earlier

For more information, refer to the information provided by the developer.

Impact

If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.

Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.

Vendor Information

KEYENCE CORPORATION.

CWE

  1. Insufficient Verification of Data Authenticity (CWE-345) [Other]

CVE

  1. CVE-2023-42138

References

  1. JVN : JVNVU#94752076

Revision History

  • [2023/10/11]
      Web page was published