[Update notice] Kostac PLC Programming Software (KPP)
1.Overview
Multiple vulnerabilities were found in Kostac PLC Programming Software.
We will inform you of the contents and how to deal with them.
Please confirm the contents and apply the follow solution.
2.Products Affected
Product: Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
Version: Version 1.6.11.0 and earlier
3.Description
Kostac PLC Programming Software contains multiple vulnerabilities listed below.
Vulnerability 1) Double Free
When a specially crafted project file is opened in Kostac PLC Programming Software, memory is double freed while processing line number information.
This applies to project file saved with Kostac PLC Programming Software Version 1.6.9.0 or earlier.
| CWE ID: | CWE-415 |
| CVE ID: | CVE-2023-41374 |
| CVSS v3: | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8 |
Vulnerability 2) Use After Free
When a specially crafted project file is opened in Kostac PLC Programming Software, freed memory is used during the processing of information in the display column.
This applies to project file saved with Kostac PLC Programming Software Version 1.6.9.0 or earlier.
| CWE ID: | CWE-416 |
| CVE ID: | CVE-2023-41375 |
| CVSS v3: | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8 |
4.Impact
Information disclosure and/or arbitrary code execution may occur by having a user to open a specially crafted project file.
5.Solution
Update Kostac PLC Programming Software
The version that contains fixes for these vulnerabilities is as follows.
Version: Version 1.6.12.0 and above
Project file saved with version 1.6.9.0 or earlier must be re-saved with version 1.6.10.0 or later to enable tamper-proof feature. If you have such a file, please re-saved it.
The latest version can be downloaded from the following our website.
https://www.electronics.jtekt.co.jp/en/download/plc/
6.Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with us.