Vulnerabilites related to keyence - kv_replay_viewer
cve-2023-42138
Vulnerability from cvelistv5
Published
2023-10-11 08:53
Modified
2024-09-18 15:56
Severity ?
Summary
Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.
References
https://www.keyence.com/vulnerability231001
https://jvn.jp/en/vu/JVNVU94752076/index.html
Impacted products
Vendor Product Version
KEYENCE CORPORATION KV STUDIO Version: Ver. 11.62 and earlier
 Create a notification for this product.
   KEYENCE CORPORATION KV REPLAY VIEWER Version: Ver. 2.62 and earlier
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:50.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.keyence.com/vulnerability231001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU94752076/index.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T15:56:37.843128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T15:56:54.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "KV STUDIO",
          "vendor": "KEYENCE CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Ver. 11.62 and earlier"
            }
          ]
        },
        {
          "product": "KV REPLAY VIEWER",
          "vendor": "KEYENCE CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Ver. 2.62 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T08:53:24.872Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.keyence.com/vulnerability231001"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94752076/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-42138",
    "datePublished": "2023-10-11T08:53:24.872Z",
    "dateReserved": "2023-09-08T02:20:58.383Z",
    "dateUpdated": "2024-09-18T15:56:54.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2023-10-11 09:15
Modified
2024-11-21 08:22
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.
References
vultures@jpcert.or.jphttps://jvn.jp/en/vu/JVNVU94752076/index.htmlThird Party Advisory
vultures@jpcert.or.jphttps://www.keyence.com/vulnerability231001Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jvn.jp/en/vu/JVNVU94752076/index.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.keyence.com/vulnerability231001Vendor Advisory
Impacted products
Vendor Product Version
keyence kv_replay_viewer *
keyence kv_studio *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:keyence:kv_replay_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7533712-71AB-44CD-86F7-7F694FE353B9",
              "versionEndExcluding": "2.63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:keyence:kv_studio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFABC3F-F01D-4B37-9D66-929A396D2E27",
              "versionEndExcluding": "11.63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de lectura fuera de l\u00edmites en KV STUDIO Ver. 11.62 y anteriores y KV REPLAY VIEWER Ver. 2.62 y anteriores. Si se explota esta vulnerabilidad, se puede divulgar informaci\u00f3n o se puede ejecutar c\u00f3digo arbitrario haciendo que un usuario de KV STUDIO PLAYER abra un archivo especialmente manipulado."
    }
  ],
  "id": "CVE-2023-42138",
  "lastModified": "2024-11-21T08:22:21.193",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-11T09:15:10.417",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU94752076/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.keyence.com/vulnerability231001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU94752076/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.keyence.com/vulnerability231001"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}