Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
26 vulnerabilities by JTEKT ELECTRONICS CORPORATION
CVE-2025-26401 (GCVE-0-2025-26401)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:20
VLAI
Summary
Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-261 - Weak encoding for password
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:20:14.818790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:20:28.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "Weak encoding for password",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:10:17.818Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26401",
"datePublished": "2025-04-04T02:10:17.818Z",
"dateReserved": "2025-03-18T01:13:11.370Z",
"dateUpdated": "2025-04-04T14:20:28.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25061 (GCVE-0-2025-25061)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:21
VLAI
Summary
Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-441 - Unintended proxy or intermediary ('Confused Deputy')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
|
| JTEKT ELECTRONICS CORPORATION | HMI GC-A2 series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:20:50.585279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:05.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "HMI GC-A2 series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:10:08.271Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25061",
"datePublished": "2025-04-04T02:10:08.271Z",
"dateReserved": "2025-03-18T01:13:13.360Z",
"dateUpdated": "2025-04-04T14:21:05.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24317 (GCVE-0-2025-24317)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
VLAI
Summary
Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of resources without limits or throttling
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
|
| JTEKT ELECTRONICS CORPORATION | HMI GC-A2 series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:21:19.158696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:28.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "HMI GC-A2 series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of resources without limits or throttling",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:09:58.316Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24317",
"datePublished": "2025-04-04T02:09:58.316Z",
"dateReserved": "2025-03-18T01:13:12.236Z",
"dateUpdated": "2025-04-04T14:21:28.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24310 (GCVE-0-2025-24310)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
VLAI
Summary
Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:21:43.727821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:59.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product\u0027s web pages."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:09:41.821Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24310",
"datePublished": "2025-04-04T02:09:41.821Z",
"dateReserved": "2025-03-18T01:13:14.313Z",
"dateUpdated": "2025-04-04T14:21:59.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47136 (GCVE-0-2024-47136)
Vulnerability from cvelistv5 – Published: 2024-10-03 02:54 – Updated: 2024-10-03 15:29
VLAI
Summary
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:27:40.398824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:29:25.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:54:16.204Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47136",
"datePublished": "2024-10-03T02:54:16.204Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:29:25.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47135 (GCVE-0-2024-47135)
Vulnerability from cvelistv5 – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:32
VLAI
Summary
Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:31:50.339454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:32:41.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:53:46.102Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47135",
"datePublished": "2024-10-03T02:53:46.102Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:32:41.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47134 (GCVE-0-2024-47134)
Vulnerability from cvelistv5 – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:34
VLAI
Summary
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:33:56.060654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:34:44.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:53:19.594Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47134",
"datePublished": "2024-10-03T02:53:19.594Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:34:44.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49713 (GCVE-0-2023-49713)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 22:01
VLAI
Summary
Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:26.932Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49713",
"datePublished": "2023-12-12T09:16:26.932Z",
"dateReserved": "2023-11-30T05:55:31.396Z",
"dateUpdated": "2024-08-02T22:01:26.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49143 (GCVE-0-2023-49143)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 21:46
VLAI
Summary
Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:20.067Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49143",
"datePublished": "2023-12-12T09:16:20.067Z",
"dateReserved": "2023-11-30T05:55:32.224Z",
"dateUpdated": "2024-08-02T21:46:28.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49140 (GCVE-0-2023-49140)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-10-08 19:23
VLAI
Summary
Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial-of-service (DoS)
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
|
| jtekt | gc-a22w-cw_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24w-c\(w\)_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24w-c\(w\)_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24-m_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a25_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26-j2_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a27-c_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a28-c_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26w-c\(w\)_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26w-c\(w\)_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a22w-cw_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24w-c\\(w\\)_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24-m_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a25_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26-j2_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a27-c_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a28-c_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26w-c\\(w\\)_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-12T17:31:40.315155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:23:02.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:13.379Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49140",
"datePublished": "2023-12-12T09:16:13.379Z",
"dateReserved": "2023-11-30T05:55:29.274Z",
"dateUpdated": "2024-10-08T19:23:02.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41963 (GCVE-0-2023-41963)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 19:09
VLAI
Summary
Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:04.421Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41963",
"datePublished": "2023-12-12T09:16:04.421Z",
"dateReserved": "2023-11-30T05:55:30.462Z",
"dateUpdated": "2024-08-02T19:09:49.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42507 (GCVE-0-2023-42507)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:33 – Updated: 2024-09-13 15:31
VLAI
Summary
Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Stack-based buffer overflow
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | OnSinView2 |
Affected:
versions 2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:30:14.711758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:31:57.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OnSinView2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "versions 2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:33:33.352Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42507",
"datePublished": "2023-10-17T22:33:33.352Z",
"dateReserved": "2023-09-11T12:43:54.266Z",
"dateUpdated": "2024-09-13T15:31:57.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42506 (GCVE-0-2023-42506)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:32 – Updated: 2024-09-13 15:33
VLAI
Summary
Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper restriction of operations within the bounds of a memory buffer
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | OnSinView2 |
Affected:
versions 2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:32:52.728636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:33:48.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OnSinView2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "versions 2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of operations within the bounds of a memory buffer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:32:33.471Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42506",
"datePublished": "2023-10-17T22:32:33.471Z",
"dateReserved": "2023-09-11T12:43:54.265Z",
"dateUpdated": "2024-09-13T15:33:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41374 (GCVE-0-2023-41374)
Vulnerability from cvelistv5 – Published: 2023-09-20 08:49 – Updated: 2024-09-24 19:06
VLAI
Summary
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Double free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software |
Affected:
Version 1.6.11.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:06:27.052742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:06:38.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Version 1.6.11.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Double free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T08:49:30.632Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41374",
"datePublished": "2023-09-20T08:49:30.632Z",
"dateReserved": "2023-08-29T07:40:00.504Z",
"dateUpdated": "2024-09-24T19:06:38.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41375 (GCVE-0-2023-41375)
Vulnerability from cvelistv5 – Published: 2023-09-20 08:49 – Updated: 2024-09-24 19:08
VLAI
Summary
Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Use after free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software |
Affected:
Version 1.6.11.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:08:39.384387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:08:52.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Version 1.6.11.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T08:49:10.486Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41375",
"datePublished": "2023-09-20T08:49:10.486Z",
"dateReserved": "2023-08-29T07:40:00.504Z",
"dateUpdated": "2024-09-24T19:08:52.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25755 (GCVE-0-2023-25755)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-11 16:27
VLAI
Summary
Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper restriction of operations within the bounds of a memory Buffer
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01A and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303315311/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99710864/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:27:28.859694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:27:42.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01A and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of operations within the bounds of a memory Buffer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303315311/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99710864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-25755",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-02-11T16:27:42.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22419 (GCVE-0-2023-22419)
Vulnerability from cvelistv5 – Published: 2023-03-05 00:00 – Updated: 2025-03-06 16:05
VLAI
Summary
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bounds read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
Version 1.6.9.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303035258/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023030313639/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94966432/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T16:04:40.725583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T16:05:15.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Version 1.6.9.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-05T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303035258/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023030313639/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94966432/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22419",
"datePublished": "2023-03-05T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-06T16:05:15.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22421 (GCVE-0-2023-22421)
Vulnerability from cvelistv5 – Published: 2023-03-05 00:00 – Updated: 2025-03-07 18:15
VLAI
Summary
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bounds read
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
Version 1.6.9.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303035258/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023030313639/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94966432/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:14:40.447504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:15:14.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Version 1.6.9.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-05T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303035258/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023030313639/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94966432/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22421",
"datePublished": "2023-03-05T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-07T18:15:14.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22424 (GCVE-0-2023-22424)
Vulnerability from cvelistv5 – Published: 2023-03-05 00:00 – Updated: 2025-03-07 15:48
VLAI
Summary
Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Use-after-free
- CWE-416 - Use After Free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
Version 1.6.9.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303035258/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023030313639/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94966432/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22424",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T15:46:53.109500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T15:48:36.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Version 1.6.9.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-05T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202303035258/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023030313639/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94966432/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22424",
"datePublished": "2023-03-05T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-07T15:48:36.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22345 (GCVE-0-2023-22345)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:31
VLAI
Summary
Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bound write
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:31:08.616154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:31:44.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22345",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:31:44.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22360 (GCVE-0-2023-22360)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:26
VLAI
Summary
Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Use-after-free
- CWE-416 - Use After Free
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:25:18.062601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:26:00.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22360",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:26:00.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22349 (GCVE-0-2023-22349)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 14:51
VLAI
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bound read
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T14:50:04.828051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:51:41.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22349",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T14:51:41.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22350 (GCVE-0-2023-22350)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:28
VLAI
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bound read
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:27:51.115632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:28:22.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22350",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:28:22.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22347 (GCVE-0-2023-22347)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:29
VLAI
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bound read
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:29:10.760201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:29:37.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22347",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:29:37.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22353 (GCVE-0-2023-22353)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:26
VLAI
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bound read
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:26:32.082790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:26:59.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22353",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:26:59.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22346 (GCVE-0-2023-22346)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:30
VLAI
Summary
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Out-of-bound read
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Screen Creator Advance 2 |
Affected:
Ver.0.1.1.4 Build01 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:30:15.958646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:30:49.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Screen Creator Advance 2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.0.1.1.4 Build01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202302035233/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98917488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22346",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:30:49.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}