1.6.9.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

jtekt

CWE-416

NVD

Published: 2023-09-20

Updated: 2023-09-22

Summary

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.

Vulnerable Configurations

Part	Description	Count
Application	Jtekt Jtekt Kostac PLC 1.6.11.0 Jtekt Kostac PLC - Jtekt Kostac PLC 1.6.9.0	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References