The Unchecked Canvas: Smashing the Stack in JTEKT HMI Designer
Vulnerability ID: CVE-2023-22345
CVSS Score: 7.8
Published: 2023-02-13
A critical Out-of-bounds Write vulnerability in JTEKT Screen Creator Advance 2 allows attackers to achieve Arbitrary Code Execution via malformed project files, exploiting a failure to abort operations upon encountering 'out of specification' errors.
TL;DR
The software used to design HMI screens for industrial control systems has a fatal flaw in how it parses project files. It detects errors but ignores them, continuing to write data until it corrupts memory. By tricking an engineer into opening a malicious project file, an attacker can execute arbitrary code on the engineering workstation.
Technical Details
- CWE ID: CWE-787 (Out-of-bounds Write)
- CVSS v3.1: 7.8 (High)
- Attack Vector: Local (User Interaction Required)
- Impact: Arbitrary Code Execution / Denial of Service
- Exploit Status: PoC (Theoretical)
- KEV Listed: No
Affected Systems
- JTEKT Screen Creator Advance 2 (Ver.0.1.1.4 Build01 and earlier)
- Screen Creator Advance 2: <= 0.1.1.4 Build01 (Fixed in: 0.1.1.4 Build01A)
Mitigation Strategies
- Input Validation Enforcement
- Strict Error Handling
- Memory Safety Checks
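The failure mode described in the TL;DR (an out-of-specification value is detected but parsing continues) next to the "Strict Error Handling" mitigation, as an added C sketch that is not JTEKT code. The one-byte-length record format, `FIELD_CAP`, and all function names are assumptions made for illustration; the spare arena bytes stand in for adjacent stack memory so the overwrite can be observed without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 16   /* hypothetical spec limit for one field */
#define ARENA_LEN 64   /* bytes past FIELD_CAP stand in for adjacent stack data */
#define GUARD     0xA5

/* Constructed record layout: 1-byte declared length, then payload bytes. */
typedef struct { uint8_t arena[ARENA_LEN]; int error_seen; } field_t;
static void field_init(field_t *f) { memset(f->arena, GUARD, ARENA_LEN); f->error_seen = 0; }

/* Flawed pattern: the out-of-spec length is noticed, but the copy still runs. */
static int parse_flawed(field_t *f, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > FIELD_CAP) f->error_seen = 1;   /* detected ... and ignored */
    if (n > rec_len - 1) n = rec_len - 1;
    if (n > ARENA_LEN) n = ARENA_LEN;       /* demo-only clamp; real flawed code has none */
    memcpy(f->arena, rec + 1, n);
    return 0;
}

/* Hardened pattern: any out-of-spec condition aborts before a single byte is written. */
static int parse_strict(field_t *f, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > FIELD_CAP) { f->error_seen = 1; return -1; }
    if (n > rec_len - 1) return -1;         /* truncated record */
    memcpy(f->arena, rec + 1, n);
    return 0;
}

/* Count bytes beyond the field that no longer hold the guard value. */
static size_t bytes_clobbered(const field_t *f) {
    size_t c = 0;
    for (size_t i = FIELD_CAP; i < ARENA_LEN; i++) if (f->arena[i] != GUARD) c++;
    return c;
}

/* Build a constructed record declaring n payload bytes of 'A'; out needs n + 1 bytes. */
static size_t make_record(uint8_t *out, uint8_t n) { out[0] = n; memset(out + 1, 'A', n); return (size_t)n + 1; }

int main(void) {
    uint8_t rec[256]; field_t a, b;
    size_t len = make_record(rec, 40);      /* declares 40 bytes for a 16-byte field */
    field_init(&a); field_init(&b);
    parse_flawed(&a, rec, len); parse_strict(&b, rec, len);
    printf("flawed: %zu bytes past field, strict: %zu\n", bytes_clobbered(&a), bytes_clobbered(&b));
    return 0;
}
```

Both parsers set `error_seen` on the oversized record; only the strict one treats that as a reason to stop, which is the difference the fix has to make.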
Remediation Steps:
- Identify all workstations running Screen Creator Advance 2.
- Download the update for Ver.0.1.1.4 Build01A from the JTEKT website.
- Apply the update and restart the application.
- Verify the version number in the 'About' menu.