Type Confusion in CX-One - CVE-2020-27257
Published: January 8, 2021
CX-One
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing certain files. A remote attacker can trick the victim to open a specially crafted file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2020-27257
Omron has released an updated version of CX-One to address the reported vulnerabilities. These releases are available through the CX-One auto-update service and are as follows:
- CX-Protocol Version 2.03
- CX-Server Version 5.0.29
- CX-Position Version 2.53