CVE-2023-25755: JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer

Published:2023/03/31 Last Updated:2023/03/31

Overview

Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer.

Products Affected

• Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier

Description

Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file.

Impact

If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.

Solution

Update the software
Update Screen Creator Advance 2 to the latest version according to the information provided by the developer.
The developer released the below version that contains a fix for this vulnerability.

• Screen Creator Advance 2 Ver.0.1.1.4 Build01B and above

The latest update can be obtained from the developer’s website listed below.

• HMI - Download｜JTEKT ELECTRONICS CORPORATION

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector(AV)

Physical §

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required ®

None (N)

Scope(S)

Unchanged (U)

Changed ©

Confidentiality Impact©

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

Credit

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert

JPCERT Reports

CERT Advisory

CPNI Advisory

TRnotes

CVE

CVE-2023-25755

JVN iPedia