Remote code execution in Omron CX-One CX-Protocol

Published: 2019-01-11 10:04:16
Severity: High
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-19027
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-843
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: CX-Protocol
Vulnerable software versions: CX-Protocol -
Vendor URL: Omron

Security Advisory

1) Type confusion

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to type confusion when processing project files. A remote unauthenticated attacker can trick the victim into processing a specially crafted project file, trigger a type confusion error and execute code with the privileges of the application.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Remediation

Update to version 2.01.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02
