Out-of-Bounds Read Vulnerability in Kostac PLC Programming Software by JTEKT
CVE-2023-22421

7.8HIGH

Key Information:

Vendor: Jtekt Electronics Corporation
Status: Kostac Plc Programming Software (former Name: Koyo Plc Programming Software)
Vendor: CVE Published:; 6 March 2023

🔔 Create Jtekt Electronics Corporation Vulnerability Alert

What is CVE-2023-22421?

An out-of-bounds read vulnerability has been identified in Kostac PLC Programming Software, previously known as Koyo PLC Programming Software. This vulnerability arises from inadequate buffer sizing for PLC program instructions, permitting an out-of-bounds read. When users open a specially crafted project file, it may result in unintended information disclosure and the possibility of arbitrary code execution, posing a risk to the integrity of the system.

Affected Version(s)

Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier

References

https://www.electronics.jtekt.co.jp/en/topics/202303035258/

https://www.electronics.jtekt.co.jp/jp/topics/2023030313639/

https://jvn.jp/en/vu/JVNVU94966432/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2023
Vulnerability Reserved
Dec 28, 2022