CVE-2023-22424

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Kostac PLC Programming Software (formerly Koyo PLC Programming Software) allows attackers to execute arbitrary code or disclose information by tricking users into opening malicious project files. This affects industrial control system engineers and organizations using version 1.6.9.0 or earlier of this PLC programming software.

💻 Affected Systems

Products:
  • Kostac PLC Programming Software
  • Koyo PLC Programming Software
Versions: Version 1.6.9.0 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when opening malicious project files with abnormal maximum column values.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, potentially allowing attackers to manipulate industrial processes, steal sensitive data, or disrupt operations.

🟠 Likely Case

Local privilege escalation or information disclosure when users open specially crafted project files, potentially leading to lateral movement within industrial networks.

🟢 If Mitigated

Limited impact if the software is isolated from critical systems and users are trained to avoid opening untrusted project files.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious project file) and knowledge of the software's internal memory management.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.6.10.0 or later

Vendor Advisory: https://www.electronics.jtekt.co.jp/en/topics/202303035258/

Restart Required: Yes

Instructions:

1. Download the latest version from JTEKT's official website.
2. Uninstall the vulnerable version.
3. Install the patched version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict project file access
Applies to: all

Limit access to project files and only open files from trusted sources.

Network segmentation
Applies to: all

Isolate PLC programming workstations from production networks and internet access.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from opening project files
  • Use application whitelisting to prevent execution of malicious code if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About menu. If version is 1.6.9.0 or earlier, the system is vulnerable.

Check Version:

Check via GUI: Help > About menu in Kostac PLC Programming Software

Verify Fix Applied:

Verify version is 1.6.10.0 or later in Help > About menu after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of Kostac software
  • Multiple failed attempts to open project files
  • Unusual process creation from Kostac executable

Network Indicators:

  • Unusual network connections from PLC programming workstations
  • File transfers of project files from untrusted sources

SIEM Query:

(EventID=1000 OR EventID=1001) AND (ProcessName="Kostac*.exe" OR (SourceName="Application Error" AND Message LIKE "%Kostac%"))

The grouping is explicit because most query languages bind AND more tightly than OR; without the parentheses, every Event ID 1000 application crash on the host would match regardless of which program faulted.
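As an added example (not part of this advisory), the SIEM logic above applied with explicit grouping to constructed Windows Application log records; field names follow the query, and the process name KostacPLC.exe is an assumed sample value. The second function is the literal reading in which AND binds tighter than OR, which shows why an unrelated crash is matched without parentheses.

```python
import fnmatch

# Constructed sample records (not real telemetry); field names mirror the query.
SAMPLE_EVENTS = [
    # 1) Application Error with the process field extracted -> should match
    {"EventID": 1000, "SourceName": "Application Error",
     "ProcessName": "KostacPLC.exe",
     "Message": "Faulting application name: KostacPLC.exe, version 1.6.9.0"},
    # 2) Same crash, but the SIEM did not extract ProcessName -> match via Message
    {"EventID": 1000, "SourceName": "Application Error",
     "ProcessName": "",
     "Message": "Faulting application name: KostacPLC.exe, version 1.6.9.0"},
    # 3) An unrelated application crash -> must NOT match
    {"EventID": 1000, "SourceName": "Application Error",
     "ProcessName": "notepad.exe",
     "Message": "Faulting application name: notepad.exe"},
    # 4) Windows Error Reporting follow-up (1001) naming the process -> should match
    {"EventID": 1001, "SourceName": "Windows Error Reporting",
     "ProcessName": "KostacPLC.exe",
     "Message": "Fault bucket, type 0 Event Name: APPCRASH"},
]


def _proc_is_kostac(ev):
    # Equivalent of ProcessName="Kostac*.exe" (case-sensitive glob, like the query)
    return fnmatch.fnmatchcase(ev.get("ProcessName", ""), "Kostac*.exe")


def _app_error_mentions_kostac(ev):
    # Equivalent of SourceName="Application Error" AND Message LIKE "%Kostac%"
    return (ev.get("SourceName") == "Application Error"
            and "kostac" in ev.get("Message", "").lower())


def kostac_crash_grouped(ev):
    """(EventID in {1000,1001}) AND (process match OR app-error message match)."""
    if ev["EventID"] not in (1000, 1001):
        return False
    return _proc_is_kostac(ev) or _app_error_mentions_kostac(ev)


def kostac_crash_ungrouped(ev):
    """Literal precedence: 1000 OR (1001 AND proc) OR (source AND message).
    Any Event ID 1000 matches, so record 3 becomes a false positive."""
    return (ev["EventID"] == 1000
            or (ev["EventID"] == 1001 and _proc_is_kostac(ev))
            or _app_error_mentions_kostac(ev))


def run_detection(events, predicate):
    """Return the indexes of records the predicate flags, for alert review."""
    return [i for i, ev in enumerate(events) if predicate(ev)]
```

Running `run_detection(SAMPLE_EVENTS, kostac_crash_grouped)` flags records 1, 2 and 4 only, while the ungrouped reading also flags the notepad crash.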
