{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28099", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-03-04T09:32:23.787Z", "datePublished": "2024-04-15T10:31:34.198Z", "dateUpdated": "2024-08-08T19:16:52.084Z"}, "containers": {"cna": {"affected": [{"vendor": "KEYENCE CORPORATION", "product": "VT STUDIO", "versions": [{"version": "Ver.8.32 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled Search Path Element", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.keyence.com/vt_vulnerability240329_en"}, {"url": "https://jvn.jp/en/vu/JVNVU92825069/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-04-15T10:31:34.198Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:48.246Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.keyence.com/vt_vulnerability240329_en", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU92825069/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "affected": [{"vendor": "keyence", "product": "vt_studio", "cpes": ["cpe:2.3:a:keyence:vt_studio:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "8.32", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-15T13:09:19.194914Z", "id": "CVE-2024-28099", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T19:16:52.084Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.keyence.com/vt_vulnerability240329_en", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU92825069/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:48.246Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28099", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-15T13:09:19.194914Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:keyence:vt_studio:*:*:*:*:*:*:*:*"], "vendor": "keyence", "product": "vt_studio", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.32"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T19:13:49.327Z"}}], "cna": {"affected": [{"vendor": "KEYENCE CORPORATION", "product": "VT STUDIO", "versions": [{"status": "affected", "version": "Ver.8.32 and earlier"}]}], "references": [{"url": "https://www.keyence.com/vt_vulnerability240329_en"}, {"url": "https://jvn.jp/en/vu/JVNVU92825069/"}], "descriptions": [{"lang": "en", "value": "VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-04-15T10:31:34.198Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28099", "state": "PUBLISHED", "dateUpdated": "2024-08-08T19:16:52.084Z", "dateReserved": "2024-03-04T09:32:23.787Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-04-15T10:31:34.198Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:keyence:vt_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8E3CAC6-A174-42ED-B6BE-8E160A545480", "versionEndIncluding": "8.32", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."}, {"lang": "es", "value": "VT STUDIO Ver.8.32 y anteriores contienen un problema con la ruta de b\u00fasqueda de DLL, lo que puede provocar que se carguen bibliotecas de v\u00ednculos din\u00e1micos de forma insegura. Como resultado, se puede ejecutar c\u00f3digo arbitrario con los privilegios de la aplicaci\u00f3n en ejecuci\u00f3n."}], "id": "CVE-2024-28099", "lastModified": "2025-06-30T13:50:39.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-15T11:15:08.397", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU92825069/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.keyence.com/vt_vulnerability240329_en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU92825069/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.keyence.com/vt_vulnerability240329_en"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}