Kostac PLC Programming Software Vulnerable to Out-of-bounds Read and DoS Attacks
CVE-2024-47136

7.8HIGH

Key Information:

Vendor: Jtekt Electronics Corporation
Status: Kostac Plc Programming Software (former Name: Koyo Plc Programming Software)
Vendor: CVE Published:; 3 October 2024

🔔 Create Jtekt Electronics Corporation Vulnerability Alert

What is CVE-2024-47136?

An out-of-bounds read vulnerability has been identified in Kostac PLC Programming Software (formerly known as Koyo PLC Programming Software) versions 1.6.14.0 and earlier. This vulnerability occurs when a user opens a specially crafted KPP project file that has been saved using version 1.6.9.0 or earlier. The parsing errors associated with such project files can result in a denial-of-service condition, provide opportunities for arbitrary code execution, and enable data leaks that lead to information disclosure. Users of these versions should take immediate action to mitigate potential risks.

Affected Version(s)

Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) 1.6.14.0 and earlier

References

https://www.electronics.jtekt.co.jp/en/topics/202410026928/

https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/

https://jvn.jp/en/vu/JVNVU92808077/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2024
Vulnerability Reserved
Sep 18, 2024