SB2018031504 - Remote code execution in Omron CX-Supervisor

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018031504

SB2018031504 - Remote code execution in Omron CX-Supervisor

Published: March 15, 2018

Security Bulletin ID SB2018031504
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2018-7513)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can send a specially crafted project file, trick the vicim into opening it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

2) Use-after-free error (CVE-ID: CVE-2018-7521)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

3) Access of uninitialized pointer (CVE-ID: CVE-2018-7515)

The vulnerability allows a remote attcker to execute arbitrary code on the target system.

The weakness exists due to indirect calling an initialized pointer when parsing malformed packets. A remote attacker can send a specially crafted project file, trick the victim into opening it and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

4) Double free (CVE-ID: CVE-2018-7523)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a double free error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

5) Out-of-bounds write (CVE-ID: CVE-2018-7517)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of bounds write error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.

Successful exploitation may result in system compromise.

6) Untrusted pointer dereference (CVE-ID: CVE-2018-7525)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an untrusted pointer dereference error. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.

Successful exploitation may result in system compromise.

7) Heap-based buffer overflow (CVE-ID: CVE-2018-7519)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can send a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.

Successful exploitation may result in system compromise.

Remediation

Install update from vendor's website.

References