The vulnerability of the Kostac PLC Programming Software (formerly Koyo PLC Programming Software) lies in its use of memory after it is freed. This allows a hacker to execute arbitrary code.

The vulnerability of the Kostac PLC Programming Software formerly Koyo PLC Programming Software relates to the use of memory after it is freed. Exploiting this vulnerability can allow an intruder to execute arbitrary code using a specially created project file...

The vulnerability of the Kostac PLC Programming Software (formerly Koyo PLC Programming Software) relates to the re-release of memory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Kostac PLC Programming Software formerly Koyo PLC Programming Software relates to the repeated release of memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created project file...

The vulnerability of the InPlant SCADA system, related to insufficient calculation of password hashes, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the InPlant SCADA system is related to insufficient calculation of password hashes during the loading of project files. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

CVE-2023-41374

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...

CVE-2023-41374

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...

CVE-2023-41374

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...

CVE-2023-41374

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...

CVE-2023-41375

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of K...

CVE-2023-41375

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of K...

PT-2023-5518 · Kostac · Kostac Plc Programming

Name of the Vulnerable Software and Affected Versions: Kostac PLC Programming Software versions 1.6.9.0 and earlier Kostac PLC Programming Software version 1.6.11.0 Description: The issue is related to a use after free vulnerability, which can be exploited by opening a specially crafted project...

CVE-2023-4985

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

Supcon InPlant SCADA Security Vulnerability

Supcon InPlant SCADA is a SCADA program from China Zhongguancun Technology Supcon. A security vulnerability exists in Supcon InPlant SCADA that stems from the presence of an unknown function in Project.xml that results in an under-computed password hash...

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Double free CWE-415 - CVE-2023-41374 Use-after-free CWE-416 - CVE-2023-41375 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with th...

PTC Kepware KEPServerEX Input Validation Error Vulnerability

PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. PTC Kepware KEPServerEX 6.14.263.0 and earlier versions suffer from an input validation error vulnerability that stems from easy UNC path injection via a malicious project file.By tricking a user...

PT-2023-5233 · Ptc +1 · Thingworx Kepware Server +1

Name of the Vulnerable Software and Affected Versions: Kepware KEPServerEX versions affected versions not specified ThingWorx Kepware Server versions affected versions not specified Description: The issue is related to insufficient input validation, which can be exploited by an adversary to gain...

CVE-2022-48554

File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...