Kostac PLC Programming Software Vulnerable to Out-of-bounds Read and DoS Attacks
CVE-2024-47136

7.8HIGH

Key Information:

Vendor

Jtekt Electronics Corporation

Status
Kostac Plc Programming Software (former Name: Koyo Plc Programming Software)
Vendor
CVE Published:
3 October 2024

What is CVE-2024-47136?

An out-of-bounds read vulnerability has been identified in Kostac PLC Programming Software (formerly known as Koyo PLC Programming Software) versions 1.6.14.0 and earlier. This vulnerability occurs when a user opens a specially crafted KPP project file that has been saved using version 1.6.9.0 or earlier. The parsing errors associated with such project files can result in a denial-of-service condition, provide opportunities for arbitrary code execution, and enable data leaks that lead to information disclosure. Users of these versions should take immediate action to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) 1.6.14.0 and earlier

References

https://www.electronics.jtekt.co.jp/en/topics/202410026928/
https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/
https://jvn.jp/en/vu/JVNVU92808077/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.