CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Japan Vulnerability Notes•added 2023/03/06 6:31 a.m.•2 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-22419, CVE-2023-22421 Use-after-free CWE-416 - CVE-2023-22424 Michael Heinzl reported these vulnerabilities to JPCERT/CC...

7.8CVSS7.8AI score0.00122EPSS

Exploits0References11

OSV•added 2023/03/06 12:15 a.m.•0 views

CVE-2023-22419

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a special...

7.8CVSS7.3AI score

OSV•added 2023/03/06 12:15 a.m.•0 views

CVE-2023-22421

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may...

7.8CVSS7.4AI score

NVD•added 2023/03/06 12:15 a.m.•13 views

CVE-2023-22424

Use-after-free vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a speciall...

7.8CVSS7.7AI score0.00122EPSS

Prion•added 2023/03/06 12:15 a.m.•18 views

Out-of-bounds

4.4CVSS7.6AI score0.00069EPSS

Prion•added 2023/03/06 12:15 a.m.•10 views

Design/Logic Flaw

4.4CVSS7.7AI score0.00122EPSS

CNNVD•added 2023/03/06 12:0 a.m.•2 views

JTEKT Kostac PLC Programming Software 缓冲区错误漏洞

JTEKT Kostac PLC Programming Software is a PLC programmer software for personal computers from JTEKT Japan. A security vulnerability exists in JTEKT Kostac PLC Programming Software version 1.6.9.0 and prior versions, which originates from an out-of-bounds read due to an inability to validate data...

7.8CVSS7.7AI score0.00069EPSS

Exploits0References6

Cvelist•added 2023/03/05 12:0 a.m.•16 views

CVE-2023-22421

7.9AI score0.00069EPSS

Cvelist•added 2023/03/05 12:0 a.m.•15 views

CVE-2023-22424

7.9AI score0.00122EPSS

Vulnrichment•added 2023/03/05 12:0 a.m.•6 views

CVE-2023-22424

7.6AI score0.00122EPSS

CVE•added 2023/03/05 12:0 a.m.•41 views

CVE-2023-22424

CVE-2023-22424 affects Kostac PLC Programming Software (formerly Koyo PLC Programming Software) by a Use-After-Free vulnerability when the maximum number of columns for the PLC program is mis-handled. The issue occurs in versions 1.6.9.0 and earlier and can lead to information disclosure and/or a...

7.8CVSS7.6AI score0.00122EPSS

CVE•added 2023/03/05 12:0 a.m.•43 views

CVE-2023-22419

Kostac PLC Programming Software (JTEKT Kostac) versions 1.6.9.0 and earlier are affected by CVE-2023-22419. The issue is an out-of-bounds read occurring while processing a comment block in stage information, due to end-of-data verification failure. This can lead to information disclosure and/or a...

7.8CVSS7.5AI score0.00069EPSS

CVE•added 2023/03/05 12:0 a.m.•46 views

CVE-2023-22421

CVE-2023-22421 affects Kostac PLC Programming Software (formerly Koyo PLC Programming Software) by JTEKT Electronics. The flaw is an out-of-bounds read caused by an insufficient buffer size for PLC program instructions, triggered when opening a specially crafted project file. The impact is inform...

7.8CVSS7.6AI score0.00069EPSS

CNVD•added 2022/10/13 12:0 a.m.•16 views

Siemens LOGO! 8 BM Input Validation Error Vulnerability (CNVD-2022-89766)

A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for industrial environments for the Windows platform from Siemens, Germany, which stems from the fact that certain authentication is not performed when interacting with them. An unauthenticated remote attacker could...

7.5CVSS2.3AI score0.00809EPSS

CNVD•added 2022/10/13 12:0 a.m.•20 views

Siemens LOGO! 8 BM buffer overflow vulnerability (CNVD-2022-89767)

Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. Siemens LOGO! 8 BM suffers from a buffer overflow vulnerability that stems from an inability to properly validate the structure of a TCP packet through a variety of methods. An...

9.8CVSS9.8AI score0.00551EPSS

CNVD•added 2022/10/13 12:0 a.m.•23 views

Siemens LOGO! 8 BM input validation error vulnerability

A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for the Windows platform used in industrial environments from Siemens, Germany. The vulnerability stems from the inability to properly validate offset values defined in TCP packets when calling methods. An attacker coul...

5.3CVSS2.5AI score0.00263EPSS

CNVD•added 2022/05/27 12:0 a.m.•25 views

Horner Automation Cscape Csfont Out-of-Bounds Reading Vulnerability

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds read vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

7.8CVSS5.1AI score0.00302EPSS