[Update notice] Kostac PLC Programming Software (KPP)
1.Overview
Multiple vulnerabilities were found in Kostac PLC Programming Software.
We will inform you of the contents and how to deal with them.
Please confirm the contents and apply the follow solution.
2.Products Affected
Product: Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
Version: Version 1.6.14.0 and earlier
3.Description
Kostac PLC Programming Software contains multiple vulnerabilities listed below.
Vulnerability 1) Out-of-bounds Write
When a specially crafted project file is opened in Kostac PLC Programming Software, Out-of-bounds Write occurs by processing invalid string data. This applies to project file saved with Kostac PLC Programming Software Version 1.6.9.0 or earlier.
| CWE ID: | CWE-787 |
| CVE ID: | CVE-2024-47134 |
| CVSS v3: | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8 |
Vulnerability 2) Stack-based Buffer Overflow
When a specially crafted project file is opened in Kostac PLC Programming Software, Stack-based Buffer Overflow occurs by processing invalid PLC data. This applies to project file saved with Kostac PLC Programming Software Version 1.6.9.0 or earlier.
| CWE ID: | CWE-121 |
| CVE ID: | CVE-2024-47135 |
| CVSS v3: | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8 |
Vulnerability 3) Out-of-bounds Read
When a specially crafted project file is opened in Kostac PLC Programming Software, Out-of-bounds Read occurs by processing some incorrect PLC instructions. This applies to project file saved with Kostac PLC Programming Software Version 1.6.9.0 or earlier.
| CWE ID: | CWE-125 |
| CVE ID: | CVE-2024-47136 |
| CVSS v3: | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8 |
4.Impact
Information disclosure and/or arbitrary code execution may occur by having a user to open a specially crafted project file.
5.Solution
Update Kostac PLC Programming Software
The version that contains fixes for these vulnerabilities is as follows.
Version: Version 1.6.15.0 and above
Project file saved with version 1.6.9.0 or earlier must be re-saved with version 1.6.10.0 or later to enable tamper-proof feature. If you have such a file, please re-saved it.
The latest version can be downloaded from the following our website.
https://www.electronics.jtekt.co.jp/en/download/plc/
6.Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with us.