JVNVU#99710864
JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer
Overview
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer.
Products Affected
- Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier
Description
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file.
Impact
If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.
Solution
Update the software
Update Screen Creator Advance 2 to the latest version according to the information provided by the developer.
The developer released the below version that contains a fix for this vulnerability.
- Screen Creator Advance 2 Ver.0.1.1.4 Build01B and above
The latest update can be obtained from the developer's website listed below.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Vulnerable | 2023/03/31 | JTEKT ELECTRONICS CORPORATION website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-25755 |
| JVN iPedia |
|