PT-2023-5517 · Kostac · Kostac Plc Programming

Michael Heinzl

Publicado

2023-09-20

Atualizado

2023-09-22

CVE-2023-41374

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kostac PLC Programming Software versions 1.6.11.0 and earlier

Description The issue is related to a double free problem in the Kostac PLC Programming Software, which can be exploited by opening a specially crafted project file. This can lead to the execution of arbitrary code. The problem exists in the parsing of KPP project files. The vendor has implemented a function to prevent project file alteration in versions 1.6.10.0 and later.

Recommendations To mitigate the impact of this issue, save project files that were created using Kostac PLC Programming Software Version 1.6.9.0 and earlier again using Kostac PLC Programming Software Version 1.6.10.0 or later.

Correção

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-415

Identificadores relacionados

BDU:2023-06165

CVE-2023-41374

Produtos afetados

Kostac Plc Programming

PT-2023-5517 · Kostac · Kostac Plc Programming

CVE-2023-41374

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11