CVE-2024-47136

Name of the Vulnerable Software and Affected Versions Kostac PLC Programming Software versions 1.6.14.0 and earlier

Description An out-of-bounds read vulnerability exists in the parsing of KPP project files. If a user opens a specially crafted project file saved using Kostac PLC Programming Software version 1.6.9.0 and earlier, it may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure.

Recommendations For Kostac PLC Programming Software versions 1.6.14.0 and earlier, consider avoiding the use of project files saved with earlier versions until a patch is available. As a temporary workaround, restrict the opening of project files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.