CVE-2023-41375

Name of the Vulnerable Software and Affected Versions Kostac PLC Programming Software versions 1.6.9.0 and earlier Kostac PLC Programming Software version 1.6.11.0

Description The issue is related to a use after free vulnerability, which can be exploited by opening a specially crafted project file, potentially allowing arbitrary code execution. This vulnerability exists in the parsing of KPP project files. The vendor has stated that versions 1.6.10.0 or later implement a function to prevent project file alteration.

Recommendations For Kostac PLC Programming Software versions 1.6.9.0 and earlier, save project files again using Kostac PLC Programming Software Version 1.6.10.0 or later to mitigate the impact of this vulnerability. For Kostac PLC Programming Software version 1.6.11.0, update to version 1.6.10.0 or later to prevent project file alteration and mitigate the vulnerability.