PT-2019-9707 · Omron · Cx-Supervisor

Published: 2019-01-19 · Updated: 2020-09-18 · CVE-2018-19015

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OMRON CX-Supervisor versions 3.42 and prior

Description: The issue allows an attacker to inject commands and execute code under the privileges of the application through a specially crafted project file. This can be exploited to launch programs and to create, write, and read files.

Recommendations: For OMRON CX-Supervisor versions 3.42 and prior, consider restricting the use of project files from untrusted sources until a patch is available. As a temporary workaround, consider disabling the GenerateReport API, ViewReport command, WriteMessage function, RunApplication API, MoveFile function, ExecuteJScriptFile command, CopyFile function, EditFile API, and ExecuteVBScriptFile command to minimize the risk of exploitation. Avoid opening project files from untrusted sources in the affected OMRON CX-Supervisor versions until the issue is resolved.

Fix

Weakness Enumeration

OS Command Injection
Command Injection

Related Identifiers

CVE-2018-19015
ZDI-19-101
ZDI-19-103
ZDI-19-104
ZDI-19-106
ZDI-19-107
ZDI-19-108
ZDI-19-109
ZDI-19-110
ZDI-19-111

Affected Products

Cx-Supervisor