// For flags

CVE-2024-47135

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.

Existe una vulnerabilidad de desbordamiento de búfer basado en pila en el software de programación de PLC Kostac (nombre anterior: software de programación de PLC Koyo) versión 1.6.14.0 y anteriores. Si un usuario abre un archivo de proyecto especialmente manipulado que se guardó con el software de programación de PLC Kostac versión 1.6.9.0 y anteriores, puede provocar una condición de denegación de servicio (DoS), ejecución de código arbitrario o divulgación de información debido a que los problemas existen en el análisis de los archivos de proyecto de KPP.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-09-18 CVE Reserved
  • 2024-10-03 CVE Published
  • 2024-10-03 CVE Updated
  • 2024-10-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-121: Stack-based Buffer Overflow
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
JTEKT ELECTRONICS CORPORATION
Search vendor "JTEKT ELECTRONICS CORPORATION"
Kostac PLC Programming Software (Former Name Koyo PLC Programming Software)
Search vendor "JTEKT ELECTRONICS CORPORATION" for product "Kostac PLC Programming Software (Former Name Koyo PLC Programming Software)"
1.6.14.0
Search vendor "JTEKT ELECTRONICS CORPORATION" for product "Kostac PLC Programming Software (Former Name Koyo PLC Programming Software)" and version "1.6.14.0"
en
Affected