CVE-2024-47136

7.8 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in Kostac PLC Programming Software allows attackers to cause denial-of-service, execute arbitrary code, or disclose information by tricking users into opening malicious project files. This affects industrial engineers and organizations using this PLC programming software for industrial control systems. The vulnerability is triggered when parsing specially crafted KPP project files.

💻 Affected Systems

Products:
  • Kostac PLC Programming Software
  • Koyo PLC Programming Software
Versions: Version 1.6.14.0 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability specifically triggered by project files saved using Version 1.6.9.0 and earlier of the software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through arbitrary code execution leading to PLC manipulation, production disruption, and potential physical damage to industrial processes.

🟠 Likely Case

Denial-of-service causing software crashes and disruption to PLC programming workflows, potentially halting industrial operations.

🟢 If Mitigated

Limited impact with proper file validation and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW - This requires user interaction with malicious files and the software is typically used in internal industrial networks.
🏢 Internal Only: HIGH - Within industrial control networks, this poses significant risk as attackers could compromise PLC programming stations and manipulate industrial processes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to get users to open malicious project files. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.6.15.0 or later

Vendor Advisory: https://www.electronics.jtekt.co.jp/en/topics/202410026928/

Restart Required: Yes

Instructions:

1. Download the latest version from the JTEKT Electronics website.
2. Uninstall the current vulnerable version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict project file sources (applies to: all)

Only open project files from trusted sources and implement file validation procedures.

User awareness training (applies to: all)

Train users to avoid opening unexpected or suspicious project files.

🧯 If You Can't Patch

  • Isolate PLC programming workstations from general network access
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About menu. If version is 1.6.14.0 or earlier, the system is vulnerable.

Check Version:

Check via GUI: Help > About menu in Kostac PLC Programming Software

Verify Fix Applied:

Verify version is 1.6.15.0 or later in Help > About menu after update.

📡 Detection & Monitoring

Log Indicators:

  • Software crash logs
  • Unexpected process termination events
  • Memory access violation errors

Network Indicators:

  • Unusual file transfers to PLC programming stations
  • Suspicious email attachments with .kpp files

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="Kostac*.exe" OR (Source="Application Error" AND Description contains "Kostac")
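As an added example (not part of this advisory or the vendor's material), the query above with its grouping made explicit, run in Python over constructed Windows Application-log records; the field names, process names and sample descriptions are assumptions chosen to exercise each branch of the query.

```python
"""Added detection example: apply the advisory's SIEM logic, with explicit
grouping, to constructed Windows Application-log records (not real logs)."""
import fnmatch
from typing import Iterable

# Constructed sample records modelled on Application-log fields (assumed names).
SAMPLE_EVENTS = [
    {"EventID": 1000, "Source": "Application Error", "ProcessName": "KostacPLC.exe",
     "Description": "Faulting application name: KostacPLC.exe, exception code 0xc0000005"},
    {"EventID": 1001, "Source": "Windows Error Reporting", "ProcessName": "Kostac.exe",
     "Description": "Fault bucket, type 0 Event Name: APPCRASH"},
    {"EventID": 1000, "Source": "Application Error", "ProcessName": "notepad.exe",
     "Description": "Faulting application name: notepad.exe"},
    {"EventID": 7036, "Source": "Service Control Manager", "ProcessName": "",
     "Description": "The Kostac update service entered the running state."},
    {"EventID": 1005, "Source": "Application Error", "ProcessName": "",
     "Description": "Application: Kostac.exe Unhandled exception (constructed sample)"},
]


def is_crash_event(ev: dict) -> bool:
    """Return True when the record matches either clause of the SIEM query:
    (crash EventID AND Kostac*.exe process) OR (Application Error mentioning Kostac).
    Matching is case-insensitive, which the query text leaves unspecified."""
    crash_id = ev.get("EventID") in (1000, 1001)
    kostac_proc = fnmatch.fnmatch(ev.get("ProcessName", "").lower(), "kostac*.exe")
    app_error = ev.get("Source") == "Application Error"
    mentions = "kostac" in ev.get("Description", "").lower()
    return (crash_id and kostac_proc) or (app_error and mentions)


def find_kostac_crashes(events: Iterable[dict]) -> list[dict]:
    """Filter a stream of log records down to those worth an analyst's attention."""
    return [ev for ev in events if is_crash_event(ev)]


if __name__ == "__main__":
    for ev in find_kostac_crashes(SAMPLE_EVENTS):
        print(ev["EventID"], ev["Source"], ev["Description"][:60])
```

Without the parentheses the query would also match every EventID=1000 record regardless of process, which is what produces noise from unrelated crashes.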
