Vulnerabilites related to KEYENCE CORPORATION. - VT STUDIO
jvndb-2025-014967
Vulnerability from jvndb
Published
2025-10-03 11:19
Modified
2025-10-03 11:19
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in multiple Keyence products
Details
Multiple products provided by KEYENCE CORPORATION contain multiple vulnerabilities listed below. <ul> <li>Stack-based buffer overflow (CWE-121) - CVE-2025-58775, CVE-2025-58776</li> <li>Access of uninitialized pointer (CWE-824) - CVE-2025-58777</li> <li>Buffer underflow (CWE-124) - CVE-2025-61690</li> <li>Out-of-bounds read (CWE-125) - CVE-2025-61691</li> <li>Use after free (CWE-416) - CVE-2025-61692</li> </ul> Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
References
JVN https://jvn.jp/en/vu/JVNVU97069449/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2025-58775
CVE https://www.cve.org/CVERecord?id=CVE-2025-58776
CVE https://www.cve.org/CVERecord?id=CVE-2025-58777
CVE https://www.cve.org/CVERecord?id=CVE-2025-61690
CVE https://www.cve.org/CVERecord?id=CVE-2025-61691
CVE https://www.cve.org/CVERecord?id=CVE-2025-61692
Stack-based Buffer Overflow(CWE-121) https://cwe.mitre.org/data/definitions/121.html
Buffer Underwrite ('Buffer Underflow')(CWE-124) https://cwe.mitre.org/data/definitions/124.html
Out-of-bounds Read(CWE-125) https://cwe.mitre.org/data/definitions/125.html
Use After Free(CWE-416) https://cwe.mitre.org/data/definitions/416.html
Access of Uninitialized Pointer(CWE-824) https://cwe.mitre.org/data/definitions/824.html
Impacted products
KEYENCE CORPORATION.VT5-WX12
KEYENCE CORPORATION.VT5-WX15
KEYENCE CORPORATION.VT STUDIO
KEYENCE CORPORATION.KV STUDIO
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014967.html",
  "dc:date": "2025-10-03T11:19+09:00",
  "dcterms:issued": "2025-10-03T11:19+09:00",
  "dcterms:modified": "2025-10-03T11:19+09:00",
  "description": "Multiple products provided by KEYENCE CORPORATION contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eStack-based buffer overflow (CWE-121) - CVE-2025-58775, CVE-2025-58776\u003c/li\u003e\r\n\u003cli\u003eAccess of uninitialized pointer (CWE-824) - CVE-2025-58777\u003c/li\u003e\r\n\u003cli\u003eBuffer underflow (CWE-124) - CVE-2025-61690\u003c/li\u003e\r\n\u003cli\u003eOut-of-bounds read (CWE-125) - CVE-2025-61691\u003c/li\u003e\r\n\u003cli\u003eUse after free (CWE-416) - CVE-2025-61692\u003c/li\u003e\r\n\u003c/ul\u003e\r\nMichael Heinzl reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014967.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:keyence:keyence_vt5-wx12",
      "@product": "VT5-WX12",
      "@vendor": "KEYENCE CORPORATION.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:keyence:keyence_vt5-wx15",
      "@product": "VT5-WX15",
      "@vendor": "KEYENCE CORPORATION.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:keyence:keyence_vt_studio",
      "@product": "VT STUDIO",
      "@vendor": "KEYENCE CORPORATION.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:keyence:kv_studio",
      "@product": "KV STUDIO",
      "@vendor": "KEYENCE CORPORATION.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-014967",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU97069449/index.html",
      "@id": "JVNVU#97069449",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-58775",
      "@id": "CVE-2025-58775",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-58776",
      "@id": "CVE-2025-58776",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-58777",
      "@id": "CVE-2025-58777",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-61690",
      "@id": "CVE-2025-61690",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-61691",
      "@id": "CVE-2025-61691",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-61692",
      "@id": "CVE-2025-61692",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/121.html",
      "@id": "CWE-121",
      "@title": "Stack-based Buffer Overflow(CWE-121)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/124.html",
      "@id": "CWE-124",
      "@title": "Buffer Underwrite (\u0027Buffer Underflow\u0027)(CWE-124)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/416.html",
      "@id": "CWE-416",
      "@title": "Use After Free(CWE-416)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/824.html",
      "@id": "CWE-824",
      "@title": "Access of Uninitialized Pointer(CWE-824)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple Keyence products"
}

jvndb-2024-003050
Vulnerability from jvndb
Published
2024-04-01 14:44
Modified
2024-04-01 14:44
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries
Details
VT STUDIO provided by KEYENCE CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427, CVE-2024-28099). KEYENCE CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
JVN https://jvn.jp/en/vu/JVNVU92825069/index.html
JVN https://jvn.jp/en/ta/JVNTA91240916/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2024-28099
Uncontrolled Search Path Element(CWE-427) https://cwe.mitre.org/data/definitions/427.html
Impacted products
KEYENCE CORPORATION.VT STUDIO
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003050.html",
  "dc:date": "2024-04-01T14:44+09:00",
  "dcterms:issued": "2024-04-01T14:44+09:00",
  "dcterms:modified": "2024-04-01T14:44+09:00",
  "description": "VT STUDIO provided by KEYENCE CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427, CVE-2024-28099).\r\n\r\nKEYENCE CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003050.html",
  "sec:cpe": {
    "#text": "cpe:/a:keyence:keyence_vt_studio",
    "@product": "VT STUDIO",
    "@vendor": "KEYENCE CORPORATION.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003050",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92825069/index.html",
      "@id": "JVNVU#92825069",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28099",
      "@id": "CVE-2024-28099",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/427.html",
      "@id": "CWE-427",
      "@title": "Uncontrolled Search Path Element(CWE-427)"
    }
  ],
  "title": "KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries"
}