CVE-2023-22353
HIGHScreen Creator Advance 2 <0.1.1.4 Build01 - RCE/Info Disclosure
Title source: llmDescription
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://jvn.jp/en/vu/JVNVU98917488/
Patch, Vendor Advisory
https://www.electronics.jtekt.co.jp/en/topics/202302035233/
Patch, Vendor Advisory
https://www.electronics.jtekt.co.jp/jp/topics/2023020313454/
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
21.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-125
Status
published
Products (2)
jtekt/screen_creator_advance_2
0.1.1.4 build01
jtekt/screen_creator_advance_2
< 0.1.1.4
Published
Feb 13, 2023
Tracked Since
Feb 18, 2026