PT-2018-2002 · Omron · Omron Cx-One
Published: 2018-12-04 · Updated: 2020-09-18
CVE-2018-18993
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Omron CX-One versions 4.42 and prior
Omron CX-Programmer versions 9.66 and prior
Omron CX-Server versions 5.0.23 and prior
Description
The issue is a stack-based buffer overflow in the Omron CX-Programmer development environment, which is part of the Omron CX-One software suite. The overflow can occur when a project file is processed and its input data exceeds the size of the buffer. An attacker could exploit this with a specially crafted project file to overflow the buffer and execute arbitrary code with the privileges of the application.
Recommendations
For Omron CX-One versions 4.42 and prior, update to a version later than 4.42 to resolve the issue.
For Omron CX-Programmer versions 9.66 and prior, update to a version later than 9.66 to resolve the issue.
For Omron CX-Server versions 5.0.23 and prior, update to a version later than 5.0.23 to resolve the issue.
As a temporary workaround, consider restricting the use of project files from untrusted sources to minimize the risk of exploitation.
Fix
Stack Overflow
Memory Corruption
Related Identifiers
Affected Products
Omron Cx-One
Omron Cx-Programmer
Omron Cx-Server