PT-2023-5517 · Kostac · Kostac Plc Programming

Michael Heinzl

Published

2023-09-20

Updated

2023-09-22

CVE-2023-41374

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kostac PLC Programming Software versions 1.6.11.0 and earlier

Description The issue is related to a double free problem in the Kostac PLC Programming Software, which can be exploited by opening a specially crafted project file. This can lead to the execution of arbitrary code. The problem exists in the parsing of KPP project files. The vendor has implemented a function to prevent project file alteration in versions 1.6.10.0 and later.

Recommendations To mitigate the impact of this issue, save project files that were created using Kostac PLC Programming Software Version 1.6.9.0 and earlier again using Kostac PLC Programming Software Version 1.6.10.0 or later.

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2023-06165

CVE-2023-41374

Affected Products

Kostac Plc Programming

PT-2023-5517 · Kostac · Kostac Plc Programming

CVE-2023-41374

Weakness Enumeration

Related Identifiers

Affected Products

References · 11