Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
61 vulnerabilities by JTEKT ELECTRONICS CORPORATION
CVE-2025-26401 (GCVE-0-2025-26401)
Vulnerability from nvd – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:20
VLAI
EPSS
VEX
Summary
Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-261 - Weak encoding for password
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:20:14.818790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:20:28.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "Weak encoding for password",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:10:17.818Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26401",
"datePublished": "2025-04-04T02:10:17.818Z",
"dateReserved": "2025-03-18T01:13:11.370Z",
"dateUpdated": "2025-04-04T14:20:28.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25061 (GCVE-0-2025-25061)
Vulnerability from nvd – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:21
VLAI
EPSS
VEX
Summary
Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-441 - Unintended proxy or intermediary ('Confused Deputy')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
|
| JTEKT ELECTRONICS CORPORATION | HMI GC-A2 series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:20:50.585279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:05.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "HMI GC-A2 series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:10:08.271Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25061",
"datePublished": "2025-04-04T02:10:08.271Z",
"dateReserved": "2025-03-18T01:13:13.360Z",
"dateUpdated": "2025-04-04T14:21:05.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24317 (GCVE-0-2025-24317)
Vulnerability from nvd – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
VLAI
EPSS
VEX
Summary
Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of resources without limits or throttling
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
|
| JTEKT ELECTRONICS CORPORATION | HMI GC-A2 series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:21:19.158696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:28.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "HMI GC-A2 series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of resources without limits or throttling",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:09:58.316Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24317",
"datePublished": "2025-04-04T02:09:58.316Z",
"dateReserved": "2025-03-18T01:13:12.236Z",
"dateUpdated": "2025-04-04T14:21:28.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24310 (GCVE-0-2025-24310)
Vulnerability from nvd – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
VLAI
EPSS
VEX
Summary
Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:21:43.727821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:59.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product\u0027s web pages."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:09:41.821Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24310",
"datePublished": "2025-04-04T02:09:41.821Z",
"dateReserved": "2025-03-18T01:13:14.313Z",
"dateUpdated": "2025-04-04T14:21:59.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47136 (GCVE-0-2024-47136)
Vulnerability from nvd – Published: 2024-10-03 02:54 – Updated: 2024-10-03 15:29
VLAI
EPSS
VEX
Summary
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:27:40.398824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:29:25.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:54:16.204Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47136",
"datePublished": "2024-10-03T02:54:16.204Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:29:25.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47135 (GCVE-0-2024-47135)
Vulnerability from nvd – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:32
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:31:50.339454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:32:41.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:53:46.102Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47135",
"datePublished": "2024-10-03T02:53:46.102Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:32:41.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47134 (GCVE-0-2024-47134)
Vulnerability from nvd – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:34
VLAI
EPSS
VEX
Summary
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:33:56.060654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:34:44.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:53:19.594Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47134",
"datePublished": "2024-10-03T02:53:19.594Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:34:44.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49713 (GCVE-0-2023-49713)
Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-08-02 22:01
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:26.932Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49713",
"datePublished": "2023-12-12T09:16:26.932Z",
"dateReserved": "2023-11-30T05:55:31.396Z",
"dateUpdated": "2024-08-02T22:01:26.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49143 (GCVE-0-2023-49143)
Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-08-02 21:46
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:20.067Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49143",
"datePublished": "2023-12-12T09:16:20.067Z",
"dateReserved": "2023-11-30T05:55:32.224Z",
"dateUpdated": "2024-08-02T21:46:28.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49140 (GCVE-0-2023-49140)
Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-10-08 19:23
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial-of-service (DoS)
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
|
| jtekt | gc-a22w-cw_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24w-c\(w\)_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24w-c\(w\)_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24-m_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a25_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26-j2_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a27-c_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a28-c_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26w-c\(w\)_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26w-c\(w\)_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a22w-cw_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24w-c\\(w\\)_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24-m_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a25_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26-j2_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a27-c_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a28-c_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26w-c\\(w\\)_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-12T17:31:40.315155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:23:02.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:13.379Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49140",
"datePublished": "2023-12-12T09:16:13.379Z",
"dateReserved": "2023-11-30T05:55:29.274Z",
"dateUpdated": "2024-10-08T19:23:02.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41963 (GCVE-0-2023-41963)
Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-08-02 19:09
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:04.421Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41963",
"datePublished": "2023-12-12T09:16:04.421Z",
"dateReserved": "2023-11-30T05:55:30.462Z",
"dateUpdated": "2024-08-02T19:09:49.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42507 (GCVE-0-2023-42507)
Vulnerability from nvd – Published: 2023-10-17 22:33 – Updated: 2024-09-13 15:31
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Stack-based buffer overflow
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | OnSinView2 |
Affected:
versions 2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:30:14.711758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:31:57.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OnSinView2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "versions 2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:33:33.352Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42507",
"datePublished": "2023-10-17T22:33:33.352Z",
"dateReserved": "2023-09-11T12:43:54.266Z",
"dateUpdated": "2024-09-13T15:31:57.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42506 (GCVE-0-2023-42506)
Vulnerability from nvd – Published: 2023-10-17 22:32 – Updated: 2024-09-13 15:33
VLAI
EPSS
VEX
Summary
Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper restriction of operations within the bounds of a memory buffer
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | OnSinView2 |
Affected:
versions 2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:32:52.728636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:33:48.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OnSinView2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "versions 2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of operations within the bounds of a memory buffer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:32:33.471Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42506",
"datePublished": "2023-10-17T22:32:33.471Z",
"dateReserved": "2023-09-11T12:43:54.265Z",
"dateUpdated": "2024-09-13T15:33:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26401 (GCVE-0-2025-26401)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:20
VLAI
EPSS
VEX
Summary
Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-261 - Weak encoding for password
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:20:14.818790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:20:28.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "Weak encoding for password",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:10:17.818Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26401",
"datePublished": "2025-04-04T02:10:17.818Z",
"dateReserved": "2025-03-18T01:13:11.370Z",
"dateUpdated": "2025-04-04T14:20:28.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25061 (GCVE-0-2025-25061)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:21
VLAI
EPSS
VEX
Summary
Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-441 - Unintended proxy or intermediary ('Confused Deputy')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
|
| JTEKT ELECTRONICS CORPORATION | HMI GC-A2 series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:20:50.585279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:05.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "HMI GC-A2 series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:10:08.271Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25061",
"datePublished": "2025-04-04T02:10:08.271Z",
"dateReserved": "2025-03-18T01:13:13.360Z",
"dateUpdated": "2025-04-04T14:21:05.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24317 (GCVE-0-2025-24317)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
VLAI
EPSS
VEX
Summary
Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of resources without limits or throttling
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
|
| JTEKT ELECTRONICS CORPORATION | HMI GC-A2 series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:21:19.158696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:28.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "HMI GC-A2 series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of resources without limits or throttling",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:09:58.316Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24317",
"datePublished": "2025-04-04T02:09:58.316Z",
"dateReserved": "2025-03-18T01:13:12.236Z",
"dateUpdated": "2025-04-04T14:21:28.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24310 (GCVE-0-2025-24310)
Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
VLAI
EPSS
VEX
Summary
Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | HMI ViewJet C-more series |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:21:43.727821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:21:59.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HMI ViewJet C-more series",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product\u0027s web pages."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T02:09:41.821Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
},
{
"url": "https://jvn.jp/en/jp/JVN17260367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24310",
"datePublished": "2025-04-04T02:09:41.821Z",
"dateReserved": "2025-03-18T01:13:14.313Z",
"dateUpdated": "2025-04-04T14:21:59.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47136 (GCVE-0-2024-47136)
Vulnerability from cvelistv5 – Published: 2024-10-03 02:54 – Updated: 2024-10-03 15:29
VLAI
EPSS
VEX
Summary
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:27:40.398824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:29:25.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:54:16.204Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47136",
"datePublished": "2024-10-03T02:54:16.204Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:29:25.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47135 (GCVE-0-2024-47135)
Vulnerability from cvelistv5 – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:32
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:31:50.339454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:32:41.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:53:46.102Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47135",
"datePublished": "2024-10-03T02:53:46.102Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:32:41.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47134 (GCVE-0-2024-47134)
Vulnerability from cvelistv5 – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:34
VLAI
EPSS
VEX
Summary
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) |
Affected:
1.6.14.0 and earlier
|
|
| jtekt | kostac_plc_programming_software |
Affected:
0 , ≤ 1.6.14.0
(custom)
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kostac_plc_programming_software",
"vendor": "jtekt",
"versions": [
{
"lessThanOrEqual": "1.6.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:33:56.060654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:34:44.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "1.6.14.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T02:53:19.594Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
},
{
"url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92808077/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47134",
"datePublished": "2024-10-03T02:53:19.594Z",
"dateReserved": "2024-09-18T23:29:17.957Z",
"dateUpdated": "2024-10-03T15:34:44.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49713 (GCVE-0-2023-49713)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 22:01
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:26.932Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49713",
"datePublished": "2023-12-12T09:16:26.932Z",
"dateReserved": "2023-11-30T05:55:31.396Z",
"dateUpdated": "2024-08-02T22:01:26.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49143 (GCVE-0-2023-49143)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 21:46
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:20.067Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49143",
"datePublished": "2023-12-12T09:16:20.067Z",
"dateReserved": "2023-11-30T05:55:32.224Z",
"dateUpdated": "2024-08-02T21:46:28.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49140 (GCVE-0-2023-49140)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-10-08 19:23
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial-of-service (DoS)
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
|
| jtekt | gc-a22w-cw_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24w-c\(w\)_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24w-c\(w\)_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a24-m_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a25_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26-j2_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a27-c_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a28-c_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:* |
|
| jtekt | gc-a26w-c\(w\)_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:jtekt:gc-a26w-c\(w\)_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a22w-cw_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24w-c\\(w\\)_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a24-m_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a25_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26-j2_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a27-c_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a28-c_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gc-a26w-c\\(w\\)_firmware",
"vendor": "jtekt",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-12T17:31:40.315155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:23:02.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:13.379Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49140",
"datePublished": "2023-12-12T09:16:13.379Z",
"dateReserved": "2023-11-30T05:55:29.274Z",
"dateUpdated": "2024-10-08T19:23:02.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41963 (GCVE-0-2023-41963)
Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 19:09
VLAI
EPSS
VEX
Summary
Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | GC-A22W-CW |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26W-C(W) |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A24-M |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A25 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A26-J2 |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A27-C |
Affected:
all versions
|
|
| JTEKT ELECTRONICS CORPORATION | GC-A28-C |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GC-A22W-CW",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26W-C(W)",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A24-M",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A25",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A26-J2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A27-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "GC-A28-C",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T09:16:04.421Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
},
{
"url": "https://jvn.jp/en/jp/JVN34145838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41963",
"datePublished": "2023-12-12T09:16:04.421Z",
"dateReserved": "2023-11-30T05:55:30.462Z",
"dateUpdated": "2024-08-02T19:09:49.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42507 (GCVE-0-2023-42507)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:33 – Updated: 2024-09-13 15:31
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Stack-based buffer overflow
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | OnSinView2 |
Affected:
versions 2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:30:14.711758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:31:57.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OnSinView2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "versions 2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:33:33.352Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42507",
"datePublished": "2023-10-17T22:33:33.352Z",
"dateReserved": "2023-09-11T12:43:54.266Z",
"dateUpdated": "2024-09-13T15:31:57.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42506 (GCVE-0-2023-42506)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:32 – Updated: 2024-09-13 15:33
VLAI
EPSS
VEX
Summary
Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper restriction of operations within the bounds of a memory buffer
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JTEKT ELECTRONICS CORPORATION | OnSinView2 |
Affected:
versions 2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:38.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:32:52.728636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:33:48.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OnSinView2",
"vendor": "JTEKT ELECTRONICS CORPORATION",
"versions": [
{
"status": "affected",
"version": "versions 2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of operations within the bounds of a memory buffer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:32:33.471Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98392064/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42506",
"datePublished": "2023-10-17T22:32:33.471Z",
"dateReserved": "2023-09-11T12:43:54.265Z",
"dateUpdated": "2024-09-13T15:33:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000022
Vulnerability from jvndb - Published: 2025-04-02 15:12 - Updated:2025-04-02 15:12
Severity
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
Details
HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.
- Improper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310
- Allocation of Resources Without Limits or Throttling (CWE-770) - CVE-2025-24317
- Unintended Proxy or Intermediary ('Confused Deputy') (CWE-441) - CVE-2025-25061
- Weak Encoding for Password (CWE-261) - CVE-2025-26401
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000022.html",
"dc:date": "2025-04-02T15:12+09:00",
"dcterms:issued": "2025-04-02T15:12+09:00",
"dcterms:modified": "2025-04-02T15:12+09:00",
"description": "HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\t\u003cli\u003eImproper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310\u003c/li\u003e\r\n\t\u003cli\u003eAllocation of Resources Without Limits or Throttling (CWE-770) - CVE-2025-24317\u003c/li\u003e\r\n\t\u003cli\u003eUnintended Proxy or Intermediary (\u0026#39;Confused Deputy\u0026#39;) (CWE-441) - CVE-2025-25061\u003c/li\u003e\r\n\t\u003cli\u003eWeak Encoding for Password (CWE-261) - CVE-2025-26401\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nJTEKT ELECTRONICS CORPORATION reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000022.html",
"sec:cpe": [
{
"#text": "cpe:/o:jtekt:hmi_gc-a2_series",
"@product": "HMI GC-A2 Series",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:hmi_viewjet_c-more_series",
"@product": "HMI ViewJet C-more Series",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN17260367/index.html",
"@id": "JVN#17260367",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24306",
"@id": "CVE-2025-24310",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24317",
"@id": "CVE-2025-24317",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25061",
"@id": "CVE-2025-25061",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26401",
"@id": "CVE-2025-26401",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION\u0027s products"
}
JVNDB-2024-009667
Vulnerability from jvndb - Published: 2024-10-03 13:42 - Updated:2024-10-03 13:42
Severity
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
Details
Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.
* Out-of-bounds write (CWE-787) - CVE-2024-47134
* Stack-based buffer overflow (CWE-121) - CVE-2024-47135
* Out-of-bounds read (CWE-125) - CVE-2024-47136
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009667.html",
"dc:date": "2024-10-03T13:42+09:00",
"dcterms:issued": "2024-10-03T13:42+09:00",
"dcterms:modified": "2024-10-03T13:42+09:00",
"description": "Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n * Out-of-bounds write (CWE-787) - CVE-2024-47134\r\n * Stack-based buffer overflow (CWE-121) - CVE-2024-47135\r\n * Out-of-bounds read (CWE-125) - CVE-2024-47136\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009667.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:kostac_plc",
"@product": "Kostac PLC Programming Software",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-009667",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92808077/index.html",
"@id": "JVNVU#92808077",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47134",
"@id": "CVE-2024-47134",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47135",
"@id": "CVE-2024-47135",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47136",
"@id": "CVE-2024-47136",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software"
}
JVNDB-2023-000122
Vulnerability from jvndb - Published: 2023-12-11 14:12 - Updated:2024-04-22 16:55
Severity
Summary
Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
Details
HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below.
- Denial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963
- Denial-of-service (DoS) vulnerability in commplex-link service (CWE-400) - CVE-2023-49140
- Denial-of-service (DoS) vulnerability in rfe service (CWE-400) - CVE-2023-49143
- Denial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) - CVE-2023-49713
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000122.html",
"dc:date": "2024-04-22T16:55+09:00",
"dcterms:issued": "2023-12-11T14:12+09:00",
"dcterms:modified": "2024-04-22T16:55+09:00",
"description": "HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963\u003c/li\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in commplex-link service (CWE-400) - CVE-2023-49140\u003c/li\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in rfe service (CWE-400) - CVE-2023-49143\u003c/li\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) - CVE-2023-49713\u003c/li\u003e\u003c/ul\u003e\r\nJTEKT ELECTRONICS CORPORATION reported these vulnerabilities to IPA to notify users of the solution through JVN. JPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000122.html",
"sec:cpe": [
{
"#text": "cpe:/o:jtekt:gc-a22w-cw_firmware",
"@product": "GC-A22W-CW",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a24-m_firmware",
"@product": "GC-A24-M",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a24w-c%28w%29_firmware",
"@product": "GC-A24W-C(W)",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a24_firmware",
"@product": "GC-A24",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a25_firmware",
"@product": "GC-A25",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a26-j2_firmware",
"@product": "GC-A26-J2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a26w-c%28w%29_firmware",
"@product": "GC-A26W-C(W)",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a26_firmware",
"@product": "GC-A26",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a27-c_firmware",
"@product": "GC-A27-C",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:jtekt:gc-a28-c_firmware",
"@product": "GC-A28-C",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000122",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN34145838/index.html",
"@id": "JVN#34145838",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-41963",
"@id": "CVE-2023-41963",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-49140",
"@id": "CVE-2023-49140",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-49143",
"@id": "CVE-2023-49143",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-49713",
"@id": "CVE-2023-49713",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41963",
"@id": "CVE-2023-41963",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49140",
"@id": "CVE-2023-49140",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49143",
"@id": "CVE-2023-49143",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49713",
"@id": "CVE-2023-49713",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series"
}
JVNDB-2023-003913
Vulnerability from jvndb - Published: 2023-10-18 14:13 - Updated:2024-05-16 17:28
Severity
Summary
Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2
Details
OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.
* Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-42506
* Stack-based buffer overflow (CWE-121) - CVE-2023-42507
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003913.html",
"dc:date": "2024-05-16T17:28+09:00",
"dcterms:issued": "2023-10-18T14:13+09:00",
"dcterms:modified": "2024-05-16T17:28+09:00",
"description": "OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n * Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-42506\r\n * Stack-based buffer overflow (CWE-121) - CVE-2023-42507\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003913.html",
"sec:cpe": {
"#text": "cpe:/a:jtekt:onsinview2",
"@product": "OnSinView2",
"@vendor": "JTEKT ELECTRONICS CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-003913",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98392064/index.html",
"@id": "JVNVU#98392064",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-42506",
"@id": "CVE-2023-42506",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-42507",
"@id": "CVE-2023-42507",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-42506",
"@id": "CVE-2023-42506",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-42507",
"@id": "CVE-2023-42507",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
}
],
"title": "Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2"
}