Vulnerability Information

Vulnerability List

| Release Date | Database ID | Affected products | Affected customers | Description | Reporter |
|---|---|---|---|---|---|
| Oct.02,2024 | JVNVU#92808077, CVE-2024-47134, CVE-2024-47135, CVE-2024-47136 | Kostac PLC Programming Software (KPP). Former name: Koyo PLC Programming Software | Kostac PLC Programming Software Version 1.6.14.0 and earlier | Information disclosure and/or arbitrary code execution may occur. | These vulnerabilities were discovered by: Michael Heinzl |
| Dec.11,2023 | JVN#34145838, CVE-2023-41963, CVE-2023-49140, CVE-2023-49143, CVE-2023-49713 | HMI GC-A2 series: GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, GC-A26-J2, GC-A27-C, GC-A28-C | Customers using affected HMIs | HMI GC-A2 series has a denial of service (DoS) vulnerability. | JTEKT ELECTRONICS CORPORATION SQA Team |
| Oct.17,2023 | JVNVU#98392064, CVE-2023-42506, CVE-2023-42507 | OnSinView2 | OnSinView2 Version 2.0.1 and earlier | Information disclosure and/or arbitrary code execution may occur. | These vulnerabilities were discovered by: Michael Heinzl |
| Sep.12,2023 | JVNVU#95282683, CVE-2023-41374, CVE-2023-41375 | Kostac PLC Programming Software (KPP). Former name: Koyo PLC Programming Software | Kostac PLC Programming Software Version 1.6.11.0 and earlier | Information disclosure and/or arbitrary code execution may occur. | These vulnerabilities were discovered by: Michael Heinzl |
| Mar.23,2023 | JVNVU#99710864, CVE-2023-25755 | Screen Creator Advance2 (SCA2) | Screen Creator Advance2 Ver.0.1.1.4 Build01A and earlier | Information disclosure and/or arbitrary code execution may occur. | This vulnerability was discovered by: Michael Heinzl |
| Mar.03,2023 | JVNVU#94966432, CVE-2023-22419, CVE-2023-22421, CVE-2023-22424 | Kostac PLC Programming Software (KPP). Former name: Koyo PLC Programming Software | Kostac PLC Programming Software Version 1.6.9.0 and earlier | Information disclosure and/or arbitrary code execution may occur. | These vulnerabilities were discovered by: Michael Heinzl |
| Feb.03,2023 | JVNVU#98917488, CVE-2023-22345, CVE-2023-22346, CVE-2023-22347, CVE-2023-22349, CVE-2023-22350, CVE-2023-22353, CVE-2023-22360 | Screen Creator Advance2 (SCA2) | Screen Creator Advance2 Ver.0.1.1.4 Build01 and earlier | Information disclosure and/or arbitrary code execution may occur. | These vulnerabilities were discovered by: Michael Heinzl |
| Nov.18,2022 | CVE-2022-2003, CVE-2022-2004 | PLC series: DL05, DL06, DL205, DL405, SJ, SJ-ETHER, SZ, SU, SL, SR-1T, PZ | Customers using the affected PLC series and using the password function. | A vulnerability has been discovered that could allow a remote or local third party to steal passwords when using the password function in our PLC products. | This vulnerability was discovered by: Sam Hanson (DRAGOS, INC.) |
| May.09,2022 | JVN#50337155, CVE-2022-29518 | HMI GC-A2 series: GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, GC-A26-J2 | Product: Screen Creator Advance 2. Version: Prior to Ver.0.1.1.3 Build01 | In versions prior to Ver.0.1.1.3 Build01, there is a vulnerability that allows authentication without entering authentication information if remote control is attempted while multiple conditions are satisfied. | JTEKT ELECTRONICS CORPORATION (formerly known as KOYO ELECTRONICS INDUSTRIES COMPANY LIMITED) SQA Team |
| Mar.15,2022 | ZDI-22-543, ZDI-CAN-14868, JVN#98676431 | Screen Creator Advance2 (SCA2) | Product: Screen Creator Advance 2. Version: Ver.0.1.1.1 Build02 and earlier | Remote code execution vulnerability caused by a stack-based buffer overflow in file parsing. | This vulnerability was discovered by: Tran Van Khang-khangkito (VinCSS) working with Trend Micro Zero Day Initiative. |
