Filtered by vendor Jtekt
Subscribe
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49713 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | |||||
CVE-2023-49143 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | |||||
CVE-2023-49140 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | |||||
CVE-2023-42507 | 1 Jtekt | 1 Onsinview2 | 2024-11-21 | N/A | 7.8 HIGH |
Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file. | |||||
CVE-2023-42506 | 1 Jtekt | 1 Onsinview2 | 2024-11-21 | N/A | 7.8 HIGH |
Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file. | |||||
CVE-2023-41963 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | |||||
CVE-2023-41375 | 1 Jtekt | 1 Kostac Plc | 2024-11-21 | N/A | 7.8 HIGH |
Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. | |||||
CVE-2023-41374 | 1 Jtekt | 1 Kostac Plc | 2024-11-21 | N/A | 7.8 HIGH |
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. | |||||
CVE-2023-25755 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed. | |||||
CVE-2023-22424 | 1 Jtekt | 1 Kostac Plc Programming Software | 2024-11-21 | N/A | 7.8 HIGH |
Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22421 | 1 Jtekt | 1 Kostac Plc Programming Software | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22419 | 1 Jtekt | 1 Kostac Plc Programming Software | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22360 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22353 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22350 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22349 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22347 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22346 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22345 | 1 Jtekt | 1 Screen Creator Advance 2 | 2024-11-21 | N/A | 7.8 HIGH |
Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2022-29958 | 1 Jtekt | 34 Nano 10gx Tuc-1157, Nano 10gx Tuc-1157 Firmware, Nano Cpu Tuc-6941 and 31 more | 2024-11-21 | N/A | 9.8 CRITICAL |
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU. |