Refine your search
3 vulnerabilities found for Screen Creator Advance 2 by JTEKT ELECTRONICS CORPORATION
jvndb-2023-001402
Vulnerability from jvndb
Published
2023-04-03 16:24
Modified
2024-06-04 17:15
Severity ?
Summary
JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer
Details
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file.
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001402.html",
"dc:date": "2024-06-04T17:15+09:00",
"dcterms:issued": "2023-04-03T16:24+09:00",
"dcterms:modified": "2024-06-04T17:15+09:00",
"description": "Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file.\r\n\r\nMichael Heinzl reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001402.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:screen_creator_advance_2",
"@product": "Screen Creator Advance 2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001402",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99710864/index.html",
"@id": "JVNVU#99710864",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25755",
"@id": "CVE-2023-25755",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25755",
"@id": "CVE-2023-25755",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer"
}
jvndb-2023-001212
Vulnerability from jvndb
Published
2023-02-08 12:46
Modified
2024-06-10 17:25
Severity ?
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2
Details
Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.
* Out-of-bound write (CWE-787) - CVE-2023-22345
* Out-of-bound read (CWE-125) - CVE-2023-22346, CVE-2023-22347, CVE-2023-22349, CVE-2023-22350, CVE-2023-22353
* Use-after-free (CWE-416) - CVE-2023-22360
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001212.html",
"dc:date": "2024-06-10T17:25+09:00",
"dcterms:issued": "2023-02-08T12:46+09:00",
"dcterms:modified": "2024-06-10T17:25+09:00",
"description": "Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n * Out-of-bound write (CWE-787) - CVE-2023-22345\r\n * Out-of-bound read (CWE-125) - CVE-2023-22346, CVE-2023-22347, CVE-2023-22349, CVE-2023-22350, CVE-2023-22353\r\n * Use-after-free (CWE-416) - CVE-2023-22360\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001212.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:screen_creator_advance_2",
"@product": "Screen Creator Advance 2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001212",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98917488/",
"@id": "JVNVU#98917488",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22345",
"@id": "CVE-2023-22345",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22346",
"@id": "CVE-2023-22346",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22347",
"@id": "CVE-2023-22347",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22349",
"@id": "CVE-2023-22349",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22350",
"@id": "CVE-2023-22350",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22353",
"@id": "CVE-2023-22353",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22360",
"@id": "CVE-2023-22360",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22345",
"@id": "CVE-2023-22345",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22346",
"@id": "CVE-2023-22346",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22347",
"@id": "CVE-2023-22347",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22349",
"@id": "CVE-2023-22349",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22350",
"@id": "CVE-2023-22350",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22353",
"@id": "CVE-2023-22353",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22360",
"@id": "CVE-2023-22360",
"@source": "NVD"
},
{
"#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-02",
"@id": "ICSA-23-096-02",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/416.html",
"@id": "CWE-416",
"@title": "Use After Free(CWE-416)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2"
}
jvndb-2022-000029
Vulnerability from jvndb
Published
2022-05-09 14:43
Modified
2024-06-19 16:03
Severity ?
Summary
KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
Details
Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS's HMI.
Screen Creator Advance2 contains an authentication bypass vulnerability (CWE-807) due to the improper check for the Remote control setting's account names.
KOYO ELECTRONICS INDUSTRIES CO., LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and KOYO ELECTRONICS INDUSTRIES CO., LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000029.html",
"dc:date": "2024-06-19T16:03+09:00",
"dcterms:issued": "2022-05-09T14:43+09:00",
"dcterms:modified": "2024-06-19T16:03+09:00",
"description": "Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS\u0027s HMI.\r\nScreen Creator Advance2 contains an authentication bypass vulnerability (CWE-807) due to the improper check for the Remote control setting\u0027s account names.\r\n\r\nKOYO ELECTRONICS INDUSTRIES CO., LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and KOYO ELECTRONICS INDUSTRIES CO., LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000029.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:screen_creator_advance_2",
"@product": "Screen Creator Advance 2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.1",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000029",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50337155/index.html",
"@id": "JVN#50337155",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-29518",
"@id": "CVE-2022-29518",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29518",
"@id": "CVE-2022-29518",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass"
}