Published:2023/10/17 Last Updated:2023/10/17
JVNVU#98392064
Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2
Overview
OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities.
Products Affected
- OnSinView2 versions 2.0.1 and earlier
Description
OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.
- Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-42506
CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8 - Stack-based buffer overflow (CWE-121) - CVE-2023-42507
CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
Impact
If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer released the following versions that contain fixes for these vulnerabilities.
- OnSinView2 versions 2.0.2 and later
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Vulnerable | 2023/10/17 | JTEKT ELECTRONICS CORPORATION website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-42506 |
|
CVE-2023-42507 |
|
| JVN iPedia |
|