[Update notice] Kostac PLC Programming Software (KPP)

Sep. 12, 2023

1.Overview

Multiple vulnerabilities were found in Kostac PLC Programming Software.
We will inform you of the contents and how to deal with them.
Please confirm the contents and apply the follow solution.

2.Products Affected

Product: Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
Version: Version 1.6.11.0 and earlier

3.Description

Kostac PLC Programming Software contains multiple vulnerabilities listed below.

Vulnerability 1) Double Free

When a specially crafted project file is opened in Kostac PLC Programming Software, memory is double freed while processing line number information.
This applies to project file saved with Kostac PLC Programming Software Version 1.6.9.0 or earlier.

CWE ID: CWE-415
CVE ID: CVE-2023-41374
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8

Vulnerability 2) Use After Free

When a specially crafted project file is opened in Kostac PLC Programming Software, freed memory is used during the processing of information in the display column.
This applies to project file saved with Kostac PLC Programming Software Version 1.6.9.0 or earlier.

CWE ID: CWE-416
CVE ID: CVE-2023-41375
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8

4.Impact

Information disclosure and/or arbitrary code execution may occur by having a user to open a specially crafted project file.

5.Solution

Update Kostac PLC Programming Software

The version that contains fixes for these vulnerabilities is as follows.

Version: Version 1.6.12.0 and above

Project file saved with version 1.6.9.0 or earlier must be re-saved with version 1.6.10.0 or later to enable tamper-proof feature. If you have such a file, please re-saved it.
The latest version can be downloaded from the following our website.

https://www.electronics.jtekt.co.jp/en/download/plc/

6.Credit

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with us.