[Update notice] Kostac PLC Programming Software (KPP)
1.Overview
A vulnerability was found in Kostac PLC Programming Software.
We will inform you of the contents and how to deal with it.
Please confirm the contents and apply the following solution.
2.Products Affected
Product: Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
Version: Version 1.6.9.0 and earlier
3.Description
Kostac PLC Programming Software contains multiple vulnerabilities listed below.
Vulnerability 1) Out-of-bounds read 1
When a specially crafted project file is opened, an out-of-bounds read occurs while processing a
comment block in stage information because the end of data cannot be verified.
CWE ID: CWE-125
CVE ID: CVE-2023-22419
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8
Vulnerability 2) Out-of-bounds read 2
When a specially crafted project file is opened, an out-of-bounds read occurs because the buffer size
used by the PLC program instructions is insufficient.
CWE ID: CWE-125
CVE ID: CVE-2023-22421
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8
Vulnerability 3) Use-after-free
When a specially crafted project file is opened in which the maximum number of columns for placing
the PLC program is out of specification, a process accesses memory that has already been freed.
CWE ID: CWE-416
CVE ID: CVE-2023-22424
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8
4.Impact
Information disclosure and/or arbitrary code execution may occur if a user is made to open a
specially crafted project file.
5.Solution
Update Kostac PLC Programming Software
The version that contains fixes for these vulnerabilities is as follows.
Version: Version 1.6.10.0 and above
This version not only addresses the vulnerabilities, but also takes measures to prevent crafted
project files from being opened.
Project files saved with Version 1.6.9.0 or earlier can be re-saved with Version 1.6.10.0 or above to enable this
tamper-proof feature. Project files saved with Version 1.6.10.0 or above cannot be opened with Version 1.6.9.0 or
earlier.
The latest version can be downloaded from our website below.
https://www.electronics.jtekt.co.jp/en/download/plc/
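The following is an added example, not part of the vendor's advisory: a Python check that sorts an inventory of installed KPP versions against the affected and fixed versions stated above. Host names and inventory rows are constructed, and versions the advisory does not cover are reported as unknown. Versions are compared numerically because a plain string comparison places 1.6.10.0 before 1.6.9.0.

```python
# Added example: classify inventoried KPP installs against the advisory's
# version boundary. Inventory rows below are constructed sample data.
import re

LAST_AFFECTED = (1, 6, 9, 0)   # advisory: Version 1.6.9.0 and earlier
FIRST_FIXED = (1, 6, 10, 0)    # advisory: Version 1.6.10.0 and above


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not N.N.N.N."""
    m = re.fullmatch(r"\s*(?:Version\s+)?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Map a reported version string to 'affected', 'fixed' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"       # unparseable: flag for manual review
    if v <= LAST_AFFECTED:     # tuple comparison is numeric per component
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    return "unknown"           # between the two versions the advisory names


def audit(rows):
    """rows: iterable of (host, version string). Returns {status: [hosts]}."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, version in rows:
        report[classify(version)].append(host)
    return report


# Constructed inventory (hypothetical host names and versions).
SAMPLE = [
    ("eng-ws-01", "1.6.9.0"),
    ("eng-ws-02", "1.6.10.0"),
    ("eng-ws-03", "Version 1.5.12.3"),
    ("eng-ws-04", "1.6.11.2"),
    ("eng-ws-05", "1.6"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
    # Pitfall: comparing the raw strings sorts the fixed version as older.
    print("string compare says 1.6.10.0 <= 1.6.9.0:", "1.6.10.0" <= "1.6.9.0")
```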
6.Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with us.