CVE-2024-47134

7.8 HIGH

📋 TL;DR

An out-of-bounds write vulnerability in Kostac PLC Programming Software (formerly Koyo PLC Programming Software) allows attackers to execute arbitrary code, cause denial-of-service, or disclose information by tricking users into opening malicious project files. This affects industrial control system engineers and organizations using affected versions of this PLC programming software. The vulnerability is triggered when parsing specially crafted KPP project files.

💻 Affected Systems

Products:
  • Kostac PLC Programming Software
  • Koyo PLC Programming Software
Versions: Version 1.6.14.0 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability specifically affects project files saved using Version 1.6.9.0 and earlier when opened in affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through arbitrary code execution leading to PLC manipulation, production line disruption, and potential physical damage to industrial equipment.

🟠 Likely Case: Denial-of-service condition on the programming workstation, potentially disrupting PLC programming and maintenance operations.

🟢 If Mitigated: Limited impact if proper network segmentation and file validation controls prevent malicious project files from reaching engineering workstations.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious project file). No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.6.15.0 or later

Vendor Advisory: https://www.electronics.jtekt.co.jp/en/topics/202410026928/

Restart Required: Yes

Instructions:

1. Download latest version from JTEKT Electronics website.
2. Uninstall current version.
3. Install updated version.
4. Restart system.

🔧 Temporary Workarounds

Restrict project file sources

all

Only open project files from trusted sources and validate file integrity before opening.

Network segmentation

all

Isolate PLC programming workstations from general network and internet access.

🧯 If You Can't Patch

  • Implement strict file validation procedures for all KPP project files
  • Use application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About menu. If version is 1.6.14.0 or earlier, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is 1.6.15.0 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening project files
  • Unusual process creation from Kostac software

Network Indicators:

  • Unexpected network connections from PLC programming workstations

SIEM Query:

(EventID=1000 OR EventID=1001) AND Source='Application Error' AND ProcessName='Kostac*.exe'
