CVE-2023-22353 – This CVE describes an out-of-bounds read vulner... (How to Fix)

Q: What is the severity of CVE-2023-22353?

CVE-2023-22353 has a CVSS score of 7.8 (HIGH). This CVE describes an out-of-bounds read vulnerability in Screen Creator Advance 2 software versions 0.1.1.4 Build01 and earlier. Attackers can exploit this by tricking users into opening malicious project files, potentially leading to information disclosure or arbitrary code execution. Users of the affected software versions are at risk.

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Screen Creator Advance 2 software versions 0.1.1.4 Build01 and earlier. Attackers can exploit this by tricking users into opening malicious project files, potentially leading to information disclosure or arbitrary code execution. Users of the affected software versions are at risk.

💻 Affected Systems

Products:

Screen Creator Advance 2

Versions: 0.1.1.4 Build01 and earlier

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is triggered when opening malicious project files. No special configuration required.

📦 What is this software?

Screen Creator Advance 2 by Jtekt

View all CVEs affecting Screen Creator Advance 2 →

Screen Creator Advance 2 by Jtekt

View all CVEs affecting Screen Creator Advance 2 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Information disclosure through memory leaks, potentially exposing sensitive data or system information that could facilitate further attacks.

🟢

If Mitigated

Limited impact through proper user training and file validation, with potential for denial of service or minor information leaks.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 0.1.1.4 Build01

Vendor Advisory: https://www.electronics.jtekt.co.jp/en/topics/202302035233/

Restart Required: Yes

Instructions:

1. Visit the vendor advisory page
2. Download the latest version of Screen Creator Advance 2
3. Uninstall the vulnerable version
4. Install the updated version
5. Restart the system

🔧 Temporary Workarounds

Restrict project file execution

windows

Block execution of .sca or other Screen Creator project files through application whitelisting or file restrictions

User awareness training

all

Train users to only open project files from trusted sources and verify file integrity

🧯 If You Can't Patch

Implement application control to block Screen Creator Advance 2 execution
Isolate affected systems from critical network segments

🔍 How to Verify

Check if Vulnerable:

Check the software version in Help > About or program properties. If version is 0.1.1.4 Build01 or earlier, the system is vulnerable.

Check Version:

Check application properties or Help > About menu within Screen Creator Advance 2

Verify Fix Applied:

Verify the installed version is newer than 0.1.1.4 Build01 and test opening known-safe project files.

📡 Detection & Monitoring

Log Indicators:

Application crashes with memory access violations
Unexpected process creation from Screen Creator Advance 2
Multiple failed file open attempts

Network Indicators:

Unusual outbound connections from Screen Creator Advance 2 process
File downloads to systems running vulnerable software

SIEM Query:

process_name:"Screen Creator Advance 2" AND (event_type:crash OR file_operation:open)

📊 Metadata

CVE ID: CVE-2023-22353

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: February 13, 2023

Last Updated: March 21, 2025

🔗 References

https://jvn.jp/en/vu/JVNVU98917488/ Patch,Third Party Advisory
https://www.electronics.jtekt.co.jp/en/topics/202302035233/ Patch,Vendor Advisory
https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/ Patch,Vendor Advisory
https://jvn.jp/en/vu/JVNVU98917488/ Patch,Third Party Advisory
https://www.electronics.jtekt.co.jp/en/topics/202302035233/ Patch,Vendor Advisory
https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/ Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-22353, you might also want to check these: