JTEKT ELECTRONICS Screen Creator Advance 2

Plan Patch7.8ICS-CERT ICSA-23-096-02Apr 10, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

JTEKT ELECTRONICS Screen Creator Advance 2 version 0.1.1.4 Build01 and earlier contains multiple memory corruption vulnerabilities (buffer overflow, out-of-bounds read, use-after-free). Successful exploitation requires local access and user interaction, such as opening a malicious file, and could allow an attacker to execute arbitrary code or disclose sensitive information including engineering data and credentials.

What this means

What could happen

An attacker with local access to a machine running Screen Creator Advance 2 could execute arbitrary code or steal sensitive information such as engineering data, project files, or credentials stored on the workstation.

Who's at risk

Engineering and control system personnel who use JTEKT ELECTRONICS Screen Creator Advance 2 on their workstations for HMI or PLC programming are at risk. This affects organizations in water utilities, electric utilities, and manufacturing that use JTEKT equipment for automation control.

How it could be exploited

An attacker would need local access to the affected workstation running Screen Creator Advance 2. Exploitation likely involves a user opening a malicious file (email attachment or downloaded file) that triggers a memory corruption vulnerability in the application, allowing code execution with the privileges of the user running the software.

Prerequisites

Local access to workstation running vulnerable Screen Creator Advance 2
User interaction required (opening a malicious file or attachment)
Vulnerable version: Ver.0.1.1.4 Build01 or earlier

local access required (not remotely exploitable)user interaction requiredmemory corruption vulnerabilities (buffer overflow, use-after-free)could lead to arbitrary code execution on engineering workstation

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

JTEKT ELECTRONICS Screen Creator Advance 2: Ver0.1.1.4 Build010.1.1.4 Build010.1.1.4 Build01A or later

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDImplement email filtering and disable automatic opening of attachments in email clients used by engineering staff

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Screen Creator Advance 2 to Ver.0.1.1.4 Build01A or later

Long-term hardening

0/3

HARDENINGTrain operators and engineers to avoid opening unsolicited email attachments and clicking suspicious links

HARDENINGImplement application whitelisting on engineering workstations to restrict execution of unsigned binaries

HARDENINGSegment engineering workstations from general IT network using firewalls and VLANs

CVEs (7)

CVE-2023-22345 CVE-2023-22346 CVE-2023-22347 CVE-2023-22349 CVE-2023-22350 CVE-2023-22353 CVE-2023-22360

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d804a16b-cb73-4f5b-9109-4afa594b4767