CVE-2018-18989

Name of the Vulnerable Software and Affected Versions CX-One versions 4.42 and prior CX-Programmer versions 9.66 and prior CX-Server versions 5.0.23 and prior

Description The issue is related to the use of memory after it has been freed, which can be exploited by an attacker using a specially crafted project file to execute code under the privileges of the application. This vulnerability affects the Omron CX-Programmer development environment, used for programming and configuring Omron PLCs, and the CX-Server system, which ensures compatibility between Omron devices.

Recommendations For CX-One versions 4.42 and prior, consider disabling the project file processing feature until a patch is available. For CX-Programmer versions 9.66 and prior, restrict access to the CXP file parsing functionality to minimize the risk of exploitation. For CX-Server versions 5.0.23 and prior, avoid using the vulnerable version of the CX-Server system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.