CVE-2023-41375

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jtekt:kostac_plc:*:*:*:*:*:*:*:*
cpe:2.3:a:jtekt:kostac_plc:1.6.11.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:21

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU95282683/index.html - Third Party Advisory () https://jvn.jp/en/vu/JVNVU95282683/index.html - Third Party Advisory
References () https://www.electronics.jtekt.co.jp/en/topics/202309125391/ - Vendor Advisory () https://www.electronics.jtekt.co.jp/en/topics/202309125391/ - Vendor Advisory

22 Sep 2023, 16:31

Type Values Removed Values Added
CWE CWE-416
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
First Time Jtekt kostac Plc
Jtekt
CPE cpe:2.3:a:jtekt:kostac_plc:1.6.11.0:*:*:*:*:*:*:*
cpe:2.3:a:jtekt:kostac_plc:*:*:*:*:*:*:*:*
References (MISC) https://www.electronics.jtekt.co.jp/en/topics/202309125391/ - (MISC) https://www.electronics.jtekt.co.jp/en/topics/202309125391/ - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU95282683/index.html - (MISC) https://jvn.jp/en/vu/JVNVU95282683/index.html - Third Party Advisory

20 Sep 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-20 09:15

Updated : 2024-11-21 08:21


NVD link : CVE-2023-41375

Mitre link : CVE-2023-41375

CVE.ORG link : CVE-2023-41375


JSON object : View

Products Affected

jtekt

  • kostac_plc
CWE
CWE-416

Use After Free