Headline
CVE-2023-42507: Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2
Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Published:2023/10/17 Last Updated:2023/10/17
Overview
OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities.
Products Affected
- OnSinView2 versions 2.0.1 and earlier
Description
OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.
Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-42506
CVSS v3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8
Stack-based buffer overflow (CWE-121) - CVE-2023-42507
CVSS v3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8
Impact
If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer released the following versions that contain fixes for these vulnerabilities.
- OnSinView2 versions 2.0.2 and later
The latest update can be obtained from the developer’s website listed below.
- IoT - Download|JTEKT ELECTRONICS CORPORATION
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information