CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41375
https://notcve.org/view.php?id=CVE-2023-41375
Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. Exista una vulnerabilidad de Use After Free en Kostac PLC Programming Software Versión 1.6.11.0. • https://jvn.jp/en/vu/JVNVU95282683/index.html https://www.electronics.jtekt.co.jp/en/topics/202309125391 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25755
https://notcve.org/view.php?id=CVE-2023-25755
Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed. • https://jvn.jp/en/vu/JVNVU99710864 https://www.electronics.jtekt.co.jp/en/topics/202303315311 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22419
https://notcve.org/view.php?id=CVE-2023-22419
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU94966432 https://www.electronics.jtekt.co.jp/en/topics/202303035258 https://www.electronics.jtekt.co.jp/jp/topics/2023030313639 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22421
https://notcve.org/view.php?id=CVE-2023-22421
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU94966432 https://www.electronics.jtekt.co.jp/en/topics/202303035258 https://www.electronics.jtekt.co.jp/jp/topics/2023030313639 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22424
https://notcve.org/view.php?id=CVE-2023-22424
Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU94966432 https://www.electronics.jtekt.co.jp/en/topics/202303035258 https://www.electronics.jtekt.co.jp/jp/topics/2023030313639 • CWE-416: Use After Free •