Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    61 vulnerabilities by JTEKT ELECTRONICS CORPORATION

    CVE-2025-26401 (GCVE-0-2025-26401)

    Vulnerability from nvd – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:20
    VLAI
    Summary
    Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak encoding for password
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:14.818790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:20:28.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "Weak encoding for password",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:17.818Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26401",
        "datePublished": "2025-04-04T02:10:17.818Z",
        "dateReserved": "2025-03-18T01:13:11.370Z",
        "dateUpdated": "2025-04-04T14:20:28.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25061 (GCVE-0-2025-25061)

    Vulnerability from nvd – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended proxy or intermediary ('Confused Deputy')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:50.585279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:05.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-441",
                  "description": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:08.271Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25061",
        "datePublished": "2025-04-04T02:10:08.271Z",
        "dateReserved": "2025-03-18T01:13:13.360Z",
        "dateUpdated": "2025-04-04T14:21:05.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24317 (GCVE-0-2025-24317)

    Vulnerability from nvd – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:19.158696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:28.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of resources without limits or throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:58.316Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24317",
        "datePublished": "2025-04-04T02:09:58.316Z",
        "dateReserved": "2025-03-18T01:13:12.236Z",
        "dateUpdated": "2025-04-04T14:21:28.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24310 (GCVE-0-2025-24310)

    Vulnerability from nvd – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:43.727821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:59.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product\u0027s web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:41.821Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24310",
        "datePublished": "2025-04-04T02:09:41.821Z",
        "dateReserved": "2025-03-18T01:13:14.313Z",
        "dateUpdated": "2025-04-04T14:21:59.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47136 (GCVE-0-2024-47136)

    Vulnerability from nvd – Published: 2024-10-03 02:54 – Updated: 2024-10-03 15:29
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Affected: 1.6.14.0 and earlier
    Create a notification for this product.
    jtekt kostac_plc_programming_software Affected: 0 , ≤ 1.6.14.0 (custom)
        cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kostac_plc_programming_software",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:27:40.398824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T15:29:25.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.14.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T02:54:16.204Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92808077/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47136",
        "datePublished": "2024-10-03T02:54:16.204Z",
        "dateReserved": "2024-09-18T23:29:17.957Z",
        "dateUpdated": "2024-10-03T15:29:25.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47135 (GCVE-0-2024-47135)

    Vulnerability from nvd – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:32
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Affected: 1.6.14.0 and earlier
    Create a notification for this product.
    jtekt kostac_plc_programming_software Affected: 0 , ≤ 1.6.14.0 (custom)
        cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kostac_plc_programming_software",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:31:50.339454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T15:32:41.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.14.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T02:53:46.102Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92808077/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47135",
        "datePublished": "2024-10-03T02:53:46.102Z",
        "dateReserved": "2024-09-18T23:29:17.957Z",
        "dateUpdated": "2024-10-03T15:32:41.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47134 (GCVE-0-2024-47134)

    Vulnerability from nvd – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:34
    VLAI
    Summary
    Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Affected: 1.6.14.0 and earlier
    Create a notification for this product.
    jtekt kostac_plc_programming_software Affected: 0 , ≤ 1.6.14.0 (custom)
        cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kostac_plc_programming_software",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:33:56.060654Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T15:34:44.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.14.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds write",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T02:53:19.594Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92808077/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47134",
        "datePublished": "2024-10-03T02:53:19.594Z",
        "dateReserved": "2024-09-18T23:29:17.957Z",
        "dateUpdated": "2024-10-03T15:34:44.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49713 (GCVE-0-2023-49713)

    Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-08-02 22:01
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:26.024Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:26.932Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49713",
        "datePublished": "2023-12-12T09:16:26.932Z",
        "dateReserved": "2023-11-30T05:55:31.396Z",
        "dateUpdated": "2024-08-02T22:01:26.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49143 (GCVE-0-2023-49143)

    Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-08-02 21:46
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:28.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:20.067Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49143",
        "datePublished": "2023-12-12T09:16:20.067Z",
        "dateReserved": "2023-11-30T05:55:32.224Z",
        "dateUpdated": "2024-08-02T21:46:28.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49140 (GCVE-0-2023-49140)

    Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-10-08 19:23
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial-of-service (DoS)
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION GC-A22W-CW Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A24W-C(W) Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A26W-C(W) Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A24 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A24-M Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A25 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A26 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A26-J2 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A27-C Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A28-C Affected: all versions
    Create a notification for this product.
    jtekt gc-a22w-cw_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a24w-c\(w\)_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a24w-c\(w\)_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a24_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a24-m_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a25_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a26_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a26-j2_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a27-c_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a28-c_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a26w-c\(w\)_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a26w-c\(w\)_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:29.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a22w-cw_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a24w-c\\(w\\)_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a24_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a24-m_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a25_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a26_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a26-j2_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a27-c_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a28-c_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a26w-c\\(w\\)_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-12T17:31:40.315155Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:23:02.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:13.379Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49140",
        "datePublished": "2023-12-12T09:16:13.379Z",
        "dateReserved": "2023-11-30T05:55:29.274Z",
        "dateUpdated": "2024-10-08T19:23:02.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41963 (GCVE-0-2023-41963)

    Vulnerability from nvd – Published: 2023-12-12 09:16 – Updated: 2024-08-02 19:09
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:04.421Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-41963",
        "datePublished": "2023-12-12T09:16:04.421Z",
        "dateReserved": "2023-11-30T05:55:30.462Z",
        "dateUpdated": "2024-08-02T19:09:49.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42507 (GCVE-0-2023-42507)

    Vulnerability from nvd – Published: 2023-10-17 22:33 – Updated: 2024-09-13 15:31
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION OnSinView2 Affected: versions 2.0.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.368Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98392064/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T15:30:14.711758Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T15:31:57.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnSinView2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 2.0.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-17T22:33:33.352Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98392064/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-42507",
        "datePublished": "2023-10-17T22:33:33.352Z",
        "dateReserved": "2023-09-11T12:43:54.266Z",
        "dateUpdated": "2024-09-13T15:31:57.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42506 (GCVE-0-2023-42506)

    Vulnerability from nvd – Published: 2023-10-17 22:32 – Updated: 2024-09-13 15:33
    VLAI
    Summary
    Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper restriction of operations within the bounds of a memory buffer
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION OnSinView2 Affected: versions 2.0.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:38.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98392064/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42506",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T15:32:52.728636Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T15:33:48.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnSinView2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 2.0.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper restriction of operations within the bounds of a memory buffer",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-17T22:32:33.471Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98392064/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-42506",
        "datePublished": "2023-10-17T22:32:33.471Z",
        "dateReserved": "2023-09-11T12:43:54.265Z",
        "dateUpdated": "2024-09-13T15:33:48.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26401 (GCVE-0-2025-26401)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:20
    VLAI
    Summary
    Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak encoding for password
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:14.818790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:20:28.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "Weak encoding for password",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:17.818Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26401",
        "datePublished": "2025-04-04T02:10:17.818Z",
        "dateReserved": "2025-03-18T01:13:11.370Z",
        "dateUpdated": "2025-04-04T14:20:28.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25061 (GCVE-0-2025-25061)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended proxy or intermediary ('Confused Deputy')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:50.585279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:05.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-441",
                  "description": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:08.271Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25061",
        "datePublished": "2025-04-04T02:10:08.271Z",
        "dateReserved": "2025-03-18T01:13:13.360Z",
        "dateUpdated": "2025-04-04T14:21:05.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24317 (GCVE-0-2025-24317)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:19.158696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:28.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of resources without limits or throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:58.316Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24317",
        "datePublished": "2025-04-04T02:09:58.316Z",
        "dateReserved": "2025-03-18T01:13:12.236Z",
        "dateUpdated": "2025-04-04T14:21:28.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24310 (GCVE-0-2025-24310)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:43.727821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:59.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product\u0027s web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:41.821Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24310",
        "datePublished": "2025-04-04T02:09:41.821Z",
        "dateReserved": "2025-03-18T01:13:14.313Z",
        "dateUpdated": "2025-04-04T14:21:59.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47136 (GCVE-0-2024-47136)

    Vulnerability from cvelistv5 – Published: 2024-10-03 02:54 – Updated: 2024-10-03 15:29
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Affected: 1.6.14.0 and earlier
    Create a notification for this product.
    jtekt kostac_plc_programming_software Affected: 0 , ≤ 1.6.14.0 (custom)
        cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kostac_plc_programming_software",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:27:40.398824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T15:29:25.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.14.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T02:54:16.204Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92808077/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47136",
        "datePublished": "2024-10-03T02:54:16.204Z",
        "dateReserved": "2024-09-18T23:29:17.957Z",
        "dateUpdated": "2024-10-03T15:29:25.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47135 (GCVE-0-2024-47135)

    Vulnerability from cvelistv5 – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:32
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Affected: 1.6.14.0 and earlier
    Create a notification for this product.
    jtekt kostac_plc_programming_software Affected: 0 , ≤ 1.6.14.0 (custom)
        cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kostac_plc_programming_software",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:31:50.339454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T15:32:41.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.14.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T02:53:46.102Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92808077/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47135",
        "datePublished": "2024-10-03T02:53:46.102Z",
        "dateReserved": "2024-09-18T23:29:17.957Z",
        "dateUpdated": "2024-10-03T15:32:41.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47134 (GCVE-0-2024-47134)

    Vulnerability from cvelistv5 – Published: 2024-10-03 02:53 – Updated: 2024-10-03 15:34
    VLAI
    Summary
    Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Affected: 1.6.14.0 and earlier
    Create a notification for this product.
    jtekt kostac_plc_programming_software Affected: 0 , ≤ 1.6.14.0 (custom)
        cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kostac_plc_programming_software",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:33:56.060654Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T15:34:44.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.14.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds write",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T02:53:19.594Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202410026928/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/jp/topics/2024100217388/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92808077/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47134",
        "datePublished": "2024-10-03T02:53:19.594Z",
        "dateReserved": "2024-09-18T23:29:17.957Z",
        "dateUpdated": "2024-10-03T15:34:44.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49713 (GCVE-0-2023-49713)

    Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 22:01
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:26.024Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:26.932Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49713",
        "datePublished": "2023-12-12T09:16:26.932Z",
        "dateReserved": "2023-11-30T05:55:31.396Z",
        "dateUpdated": "2024-08-02T22:01:26.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49143 (GCVE-0-2023-49143)

    Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 21:46
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:28.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:20.067Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49143",
        "datePublished": "2023-12-12T09:16:20.067Z",
        "dateReserved": "2023-11-30T05:55:32.224Z",
        "dateUpdated": "2024-08-02T21:46:28.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49140 (GCVE-0-2023-49140)

    Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-10-08 19:23
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial-of-service (DoS)
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION GC-A22W-CW Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A24W-C(W) Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A26W-C(W) Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A24 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A24-M Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A25 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A26 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A26-J2 Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A27-C Affected: all versions
    Create a notification for this product.
    JTEKT ELECTRONICS CORPORATION GC-A28-C Affected: all versions
    Create a notification for this product.
    jtekt gc-a22w-cw_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a24w-c\(w\)_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a24w-c\(w\)_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a24_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a24-m_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a25_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a26_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a26-j2_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a27-c_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a28-c_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    jtekt gc-a26w-c\(w\)_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:jtekt:gc-a26w-c\(w\)_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:29.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a22w-cw_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a24w-c\\(w\\)_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a24_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a24-m_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a25_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a26_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a26-j2_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a27-c_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a28-c_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gc-a26w-c\\(w\\)_firmware",
                "vendor": "jtekt",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-12T17:31:40.315155Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:23:02.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:13.379Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49140",
        "datePublished": "2023-12-12T09:16:13.379Z",
        "dateReserved": "2023-11-30T05:55:29.274Z",
        "dateUpdated": "2024-10-08T19:23:02.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41963 (GCVE-0-2023-41963)

    Vulnerability from cvelistv5 – Published: 2023-12-12 09:16 – Updated: 2024-08-02 19:09
    VLAI
    Summary
    Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34145838/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GC-A22W-CW",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26W-C(W)",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A24-M",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A25",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A26-J2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A27-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "GC-A28-C",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-12T09:16:04.421Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN34145838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-41963",
        "datePublished": "2023-12-12T09:16:04.421Z",
        "dateReserved": "2023-11-30T05:55:30.462Z",
        "dateUpdated": "2024-08-02T19:09:49.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42507 (GCVE-0-2023-42507)

    Vulnerability from cvelistv5 – Published: 2023-10-17 22:33 – Updated: 2024-09-13 15:31
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION OnSinView2 Affected: versions 2.0.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.368Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98392064/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T15:30:14.711758Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T15:31:57.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnSinView2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 2.0.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-17T22:33:33.352Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98392064/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-42507",
        "datePublished": "2023-10-17T22:33:33.352Z",
        "dateReserved": "2023-09-11T12:43:54.266Z",
        "dateUpdated": "2024-09-13T15:31:57.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42506 (GCVE-0-2023-42506)

    Vulnerability from cvelistv5 – Published: 2023-10-17 22:32 – Updated: 2024-09-13 15:33
    VLAI
    Summary
    Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper restriction of operations within the bounds of a memory buffer
    Assigner
    Impacted products
    Vendor Product Version
    JTEKT ELECTRONICS CORPORATION OnSinView2 Affected: versions 2.0.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:38.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98392064/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42506",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T15:32:52.728636Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T15:33:48.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnSinView2",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 2.0.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper restriction of operations within the bounds of a memory buffer",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-17T22:32:33.471Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98392064/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-42506",
        "datePublished": "2023-10-17T22:32:33.471Z",
        "dateReserved": "2023-09-11T12:43:54.265Z",
        "dateUpdated": "2024-09-13T15:33:48.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000022

    Vulnerability from jvndb - Published: 2025-04-02 15:12 - Updated:2025-04-02 15:12
    Severity
    Summary
    Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
    Details
    HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.
    • Improper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310
    • Allocation of Resources Without Limits or Throttling (CWE-770) - CVE-2025-24317
    • Unintended Proxy or Intermediary ('Confused Deputy') (CWE-441) - CVE-2025-25061
    • Weak Encoding for Password (CWE-261) - CVE-2025-26401
    JTEKT ELECTRONICS CORPORATION reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000022.html",
      "dc:date": "2025-04-02T15:12+09:00",
      "dcterms:issued": "2025-04-02T15:12+09:00",
      "dcterms:modified": "2025-04-02T15:12+09:00",
      "description": "HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\t\u003cli\u003eImproper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310\u003c/li\u003e\r\n\t\u003cli\u003eAllocation of Resources Without Limits or Throttling (CWE-770) - CVE-2025-24317\u003c/li\u003e\r\n\t\u003cli\u003eUnintended Proxy or Intermediary (\u0026#39;Confused Deputy\u0026#39;) (CWE-441) - CVE-2025-25061\u003c/li\u003e\r\n\t\u003cli\u003eWeak Encoding for Password (CWE-261) - CVE-2025-26401\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nJTEKT ELECTRONICS CORPORATION reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000022.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:jtekt:hmi_gc-a2_series",
          "@product": "HMI GC-A2 Series",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:hmi_viewjet_c-more_series",
          "@product": "HMI ViewJet C-more Series",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000022",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN17260367/index.html",
          "@id": "JVN#17260367",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24306",
          "@id": "CVE-2025-24310",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24317",
          "@id": "CVE-2025-24317",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25061",
          "@id": "CVE-2025-25061",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26401",
          "@id": "CVE-2025-26401",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION\u0027s products"
    }

    JVNDB-2024-009667

    Vulnerability from jvndb - Published: 2024-10-03 13:42 - Updated:2024-10-03 13:42
    Severity
    Summary
    Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
    Details
    Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. * Out-of-bounds write (CWE-787) - CVE-2024-47134 * Stack-based buffer overflow (CWE-121) - CVE-2024-47135 * Out-of-bounds read (CWE-125) - CVE-2024-47136 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009667.html",
      "dc:date": "2024-10-03T13:42+09:00",
      "dcterms:issued": "2024-10-03T13:42+09:00",
      "dcterms:modified": "2024-10-03T13:42+09:00",
      "description": "Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n  * Out-of-bounds write (CWE-787) - CVE-2024-47134\r\n  * Stack-based buffer overflow (CWE-121) - CVE-2024-47135\r\n  * Out-of-bounds read (CWE-125) - CVE-2024-47136\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009667.html",
      "sec:cpe": {
        "#text": "cpe:/a:jtekt:kostac_plc",
        "@product": "Kostac PLC Programming Software",
        "@vendor": "JTEKT ELECTRONICS CORPORATION",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-009667",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU92808077/index.html",
          "@id": "JVNVU#92808077",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47134",
          "@id": "CVE-2024-47134",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47135",
          "@id": "CVE-2024-47135",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47136",
          "@id": "CVE-2024-47136",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/121.html",
          "@id": "CWE-121",
          "@title": "Stack-based Buffer Overflow(CWE-121)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/125.html",
          "@id": "CWE-125",
          "@title": "Out-of-bounds Read(CWE-125)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/787.html",
          "@id": "CWE-787",
          "@title": "Out-of-bounds Write(CWE-787)"
        }
      ],
      "title": "Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software"
    }

    JVNDB-2023-000122

    Vulnerability from jvndb - Published: 2023-12-11 14:12 - Updated:2024-04-22 16:55
    Severity
    Summary
    Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
    Details
    HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below.
    • Denial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963
    • Denial-of-service (DoS) vulnerability in commplex-link service (CWE-400) - CVE-2023-49140
    • Denial-of-service (DoS) vulnerability in rfe service (CWE-400) - CVE-2023-49143
    • Denial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) - CVE-2023-49713
    JTEKT ELECTRONICS CORPORATION reported these vulnerabilities to IPA to notify users of the solution through JVN. JPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000122.html",
      "dc:date": "2024-04-22T16:55+09:00",
      "dcterms:issued": "2023-12-11T14:12+09:00",
      "dcterms:modified": "2024-04-22T16:55+09:00",
      "description": "HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963\u003c/li\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in commplex-link service (CWE-400) - CVE-2023-49140\u003c/li\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in rfe service (CWE-400) - CVE-2023-49143\u003c/li\u003e\u003cli\u003eDenial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) - CVE-2023-49713\u003c/li\u003e\u003c/ul\u003e\r\nJTEKT ELECTRONICS CORPORATION reported these vulnerabilities to IPA to notify users of the solution through JVN. JPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000122.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:jtekt:gc-a22w-cw_firmware",
          "@product": "GC-A22W-CW",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a24-m_firmware",
          "@product": "GC-A24-M",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a24w-c%28w%29_firmware",
          "@product": "GC-A24W-C(W)",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a24_firmware",
          "@product": "GC-A24",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a25_firmware",
          "@product": "GC-A25",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a26-j2_firmware",
          "@product": "GC-A26-J2",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a26w-c%28w%29_firmware",
          "@product": "GC-A26W-C(W)",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a26_firmware",
          "@product": "GC-A26",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a27-c_firmware",
          "@product": "GC-A27-C",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:gc-a28-c_firmware",
          "@product": "GC-A28-C",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "@version": "2.0"
        },
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000122",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN34145838/index.html",
          "@id": "JVN#34145838",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-41963",
          "@id": "CVE-2023-41963",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-49140",
          "@id": "CVE-2023-49140",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-49143",
          "@id": "CVE-2023-49143",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-49713",
          "@id": "CVE-2023-49713",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41963",
          "@id": "CVE-2023-41963",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49140",
          "@id": "CVE-2023-49140",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49143",
          "@id": "CVE-2023-49143",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49713",
          "@id": "CVE-2023-49713",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series"
    }

    JVNDB-2023-003913

    Vulnerability from jvndb - Published: 2023-10-18 14:13 - Updated:2024-05-16 17:28
    Severity
    Summary
    Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2
    Details
    OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. * Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-42506 * Stack-based buffer overflow (CWE-121) - CVE-2023-42507 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003913.html",
      "dc:date": "2024-05-16T17:28+09:00",
      "dcterms:issued": "2023-10-18T14:13+09:00",
      "dcterms:modified": "2024-05-16T17:28+09:00",
      "description": "OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n  * Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-42506\r\n  * Stack-based buffer overflow (CWE-121) - CVE-2023-42507\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003913.html",
      "sec:cpe": {
        "#text": "cpe:/a:jtekt:onsinview2",
        "@product": "OnSinView2",
        "@vendor": "JTEKT ELECTRONICS CORPORATION",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2023-003913",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU98392064/index.html",
          "@id": "JVNVU#98392064",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-42506",
          "@id": "CVE-2023-42506",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-42507",
          "@id": "CVE-2023-42507",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-42506",
          "@id": "CVE-2023-42506",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-42507",
          "@id": "CVE-2023-42507",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/121.html",
          "@id": "CWE-121",
          "@title": "Stack-based Buffer Overflow(CWE-121)"
        }
      ],
      "title": "Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2"
    }