SB2018031504 - Remote code execution in Omron CX-Supervisor
Published: March 15, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2018-7513)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow. A remote attacker can send a specially crafted project file, trick the vicim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Use-after-free error (CVE-ID: CVE-2018-7521)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
3) Access of uninitialized pointer (CVE-ID: CVE-2018-7515)
CWE-ID: CWE-824 - Access of Uninitialized Pointer
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attcker to execute arbitrary code on the target system.
The weakness exists due to indirect calling an initialized pointer when parsing malformed packets. A remote attacker can send a specially crafted project file, trick the victim into opening it and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
4) Double free (CVE-ID: CVE-2018-7523)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a double free error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
5) Out-of-bounds write (CVE-ID: CVE-2018-7517)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an out-of bounds write error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation may result in system compromise.
6) Untrusted pointer dereference (CVE-ID: CVE-2018-7525)
CWE-ID: CWE-822 - Untrusted Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an untrusted pointer dereference error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation may result in system compromise.
7) Heap-based buffer overflow (CVE-ID: CVE-2018-7519)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation may result in system compromise.
Remediation
Install update from vendor's website.