JTEKT ELECTRONICS Kostac PLC Programming Software

Plan PatchCVSS 7.8ICS-CERT ICSA-23-096-03Apr 10, 2023

Manufacturing

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

JTEKT ELECTRONICS Kostac PLC Programming Software versions 1.6.9.0 and earlier contain a buffer overflow (CWE-125) and use-after-free (CWE-416) vulnerability. Successful exploitation allows an attacker to disclose information or execute arbitrary code on the engineering workstation. The vulnerability is triggered when opening a crafted project file. JTEKT ELECTRONICS has released version 1.6.10.0 and above, which addresses the vulnerability and includes a tamper-proof feature that prevents crafted project files from being opened. Project files saved with version 1.6.9.0 or earlier must be re-saved with the updated software to enable this protection.

What this means

What could happen

An attacker could craft a malicious PLC project file that, when opened by an engineer on their workstation, discloses sensitive information or runs arbitrary code on that machine. This could compromise the engineering environment and allow subsequent attacks on connected control systems.

Who's at risk

Manufacturing organizations that use JTEKT ELECTRONICS Kostac PLC Programming Software on engineering workstations. This affects anyone who programs, troubleshoots, or maintains JTEKT PLCs, including plant engineers, integrators, and panel builders.

How it could be exploited

An attacker creates a malicious Kostac PLC project file that exploits a buffer overflow or use-after-free vulnerability in the software. The attacker sends or places this file where an engineer will open it (email, shared drive, or a seemingly legitimate project archive). When the engineer opens the file in Kostac versions 1.6.9.0 or earlier, the vulnerability is triggered, allowing code execution or information disclosure on the engineering workstation.

Prerequisites

Engineer must have Kostac PLC Programming Software version 1.6.9.0 or earlier installed
Engineer must open a malicious or crafted project file (.kst or equivalent format)
Local access to the engineering workstation (attacker can deliver the file via email, USB, network share, etc.)

Low complexity exploitation (malicious file)No authentication required (user interaction only)Affects engineering environment (potential access to production systems)Buffer overflow and use-after-free vulnerabilities (memory corruption)Vendor has released a fix (1.6.10.0 available)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

JTEKT ELECTRONICS Kostac PLC Programing Software:≤ 1.6.9.01.6.10.0 and above

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict file execution and project opening on engineering workstations to trusted sources only; implement file scanning and validation before opening externally sourced project files

WORKAROUNDDisable automatic opening of project files from email or untrusted network locations

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Kostac PLC Programming Software to version 1.6.10.0 or later on all engineering workstations

HOTFIXRe-save any PLC project files created with version 1.6.9.0 or earlier using the updated software (version 1.6.10.0 or above) to enable the tamper-proof feature

CVEs (3)

CVE-2023-22419 CVE-2023-22421 CVE-2023-22424

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b2511a84-86cd-4481-9bbd-2aae5ee67324

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.