CVE-2024-47134

Out-of-bounds write vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a...

CVE-2024-47136

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a...

CVE-2024-47136

CVE-2024-47136 is an out-of-bounds read vulnerability in Kostac PLC Programming Software (former Koyo) up to version 1.6.14.0. Opening a specially crafted KPP project file saved with version 1.6.9.0 or earlier can cause DoS, arbitrary code execution, or information disclosure due to parsing issue...

CVE-2024-47135

Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may...

CVE-2024-47134

Summary of CVE-2024-47134 and related advisories : Kostac PLC Programming Software (formerly Koyo PLC Programming Software)

CVE-2024-47134

Out-of-bounds write vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a...

JTEKT Kostac PLC Programming Software 安全漏洞

JTEKT Kostac PLC Programming Software is a PLC programmer software for personal computers from JTEKT Japan. A security vulnerability exists in JTEKT Kostac PLC Programming Software version 1.6.14.0 and prior versions, which stems from the presence of a stack-based buffer overflow vulnerability...

The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E microprogrammed logic controllers is related to lack of access control measures. Exploiting this vulnerability could allow an attacker to gain access to confidential information...

The vulnerability of ZTE ZXHN H388X router’s micro-programming software, related to improper storage of resolutions, allows attackers to increase their privileges.

The vulnerability of ZTE ZXHN H388X router’s microprogramming software is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to enhance their privileges through specially created requests...

CVE-2024-24957

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

CVE-2024-24947

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This...

CVE-2024-24851

A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability...

CVE-2024-24963

A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...

CVE-2024-22187

A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this...

CVE-2024-23315

A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger th...

AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...

AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1936 AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24851 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn...

PT-2024-3879 · Automationdirect · Automationdirect P3-550E

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9 Description: Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality. Specially crafted network packets can lead to heap-based memory...

The vulnerability of the KEYENCE CORPORATION’s programming software for programmable logic controllers, as well as the software for viewing and analyzing controller data, called KV REPLAY VIEWER, stems from a flaw related to memory-walking attacks. This flaw allows attackers to execute arbitrary code.

The vulnerability of the KEYENCE CORPORATION KV STUDIO programming software and the KV REPLAY VIEWER data viewing and analysis software lies in memory reading outside the bounds of the memory space. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the KEYENCE CORPORATION’s programming software for programmable logic controllers, as well as the data viewing and analysis software for controllers called KV REPLAY VIEWER, relates to writing beyond the buffer boundaries in memory. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the KEYENCE CORPORATION KV STUDIO programming software and the KV REPLAY VIEWER data viewing and analysis software lies in the ability to write beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remote...