Published: 2023/03/31  Last Updated: 2023/03/31

JVNVU#99710864
JTEKT ELECTRONICS Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer

Overview

Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer.

Products Affected

  • Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier

Description

Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) because it does not properly check data size when processing a project file.

Impact

If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.

Solution

Update the software
Update Screen Creator Advance 2 to the latest version according to the information provided by the developer.
The developer has released the following version, which contains a fix for this vulnerability.

  • Screen Creator Advance 2 Ver.0.1.1.4 Build01B and above

The latest update can be obtained from the developer's website listed below.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
JTEKT ELECTRONICS CORPORATION | Vulnerable | 2023/03/31 | JTEKT ELECTRONICS CORPORATION website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8

Credit

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

CVE: CVE-2023-25755