Published:2023/03/03  Last Updated:2023/04/07

JVNVU#94966432
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview

Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities.

Products Affected

  • Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier

Description

Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.

  • Out-of-bounds read (CWE-125) - CVE-2023-22419, CVE-2023-22421
    CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
  • Use-after-free (CWE-416) - CVE-2023-22424
    CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8

Impact

Opening a specially crafted project file may result in information disclosure and/or arbitrary code execution.

CVE-2023-22419
When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs.

CVE-2023-22421
The insufficient buffer size for the PLC program instructions leads to out-of-bounds read.

CVE-2023-22424
With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory.

Solution

Update the software
Update Kostac PLC Programming Software to the latest version according to the information provided by the developer.
The developer released the following versions that contain fixes for these vulnerabilities.

  • Kostac PLC Programming Software Version 1.6.10.0 and above

The latest update can be obtained from the developer's website listed below.

Vendor Status

Vendor Status Last Update Vendor Notes
JTEKT ELECTRONICS CORPORATION Vulnerable 2023/03/03 JTEKT ELECTRONICS CORPORATION website

References

  1. ICS Advisory | ICSA-23-096-03
    JTEKT ELECTRONICS Kostac PLC Programming Software

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2023-22419
CVE-2023-22421
CVE-2023-22424
JVN iPedia

Update History

2023/04/07
Updated the information under the section [References]