CVE-2023-22424

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
06/03/2023
Last modified:
07/03/2025

Description

Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:jtekt:kostac_plc_programming_software:*:*:*:*:*:*:*:* 1.6.9.0 (including)