JVNVU#99710864
JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer
Overview
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer.
Products Affected
- Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier
Description
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file.
Impact
If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.
Solution
Update the software
Update Screen Creator Advance 2 to the latest version according to the information provided by the developer.
The developer released the below version that contains a fix for this vulnerability.
- Screen Creator Advance 2 Ver.0.1.1.4 Build01B and above
The latest update can be obtained from the developer's website listed below.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Vulnerable | 2023/03/31 | JTEKT ELECTRONICS CORPORATION website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-25755 |
| JVN iPedia |
|