CVE-2024-47135

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.

Existe una vulnerabilidad de desbordamiento de búfer basado en pila en el software de programación de PLC Kostac (nombre anterior: software de programación de PLC Koyo) versión 1.6.14.0 y anteriores. Si un usuario abre un archivo de proyecto especialmente manipulado que se guardó con el software de programación de PLC Kostac versión 1.6.9.0 y anteriores, puede provocar una condición de denegación de servicio (DoS), ejecución de código arbitrario o divulgación de información debido a que los problemas existen en el análisis de los archivos de proyecto de KPP.

*Credits: N/A

CVSS Scores

JPCERT/CCv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-09-18 CVE Reserved
2024-10-03 CVE Published
2024-10-03 CVE Updated
2024-10-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/en/vu/JVNVU92808077
https://www.electronics.jtekt.co.jp/en/topics/202410026928
https://www.electronics.jtekt.co.jp/jp/topics/2024100217388

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
JTEKT ELECTRONICS CORPORATION Search vendor "JTEKT ELECTRONICS CORPORATION"		Kostac PLC Programming Software (Former Name Koyo PLC Programming Software) Search vendor "JTEKT ELECTRONICS CORPORATION" for product "Kostac PLC Programming Software (Former Name Koyo PLC Programming Software)"				1.6.14.0 Search vendor "JTEKT ELECTRONICS CORPORATION" for product "Kostac PLC Programming Software (Former Name Koyo PLC Programming Software)" and version "1.6.14.0"		en		Affected