SB2023121131 - Multiple vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2023-41963)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in FTP service. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

2) Resource exhaustion (CVE-ID: CVE-2023-49140)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in commplex-link service. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

3) Resource exhaustion (CVE-ID: CVE-2023-49143)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in rfe service. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

4) Resource exhaustion (CVE-ID: CVE-2023-49713)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in NetBIOS service. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://jvn.jp/en/jp/JVN34145838/index.html
• https://www.electronics.jtekt.co.jp/en/topics/202312116562/