PT-2019-9716 · Omron · Cx-Protocol, Cx-One

Published: 2019-01-14 · Updated: 2019-10-09 · CVE-2018-19027

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OMRON CX-One versions 4.50 and prior
OMRON CX-Protocol versions 2.0 and prior

Description

The issue is related to type confusion vulnerabilities that can be exploited when processing project files. An attacker could use a specially crafted project file to execute code under the privileges of the application.

Recommendations

For OMRON CX-One versions 4.50 and prior, update to a version later than 4.50 to resolve the issue.
For OMRON CX-Protocol versions 2.0 and prior, update to a version later than 2.0 to resolve the issue.
As a temporary workaround, consider restricting the use of project files from untrusted sources until a patch is available.

Fix

Weakness Enumeration

Type Confusion
Incorrect Type Conversion or Cast

Related Identifiers

CVE-2018-19027
ZDI-19-017
ZDI-19-018
ZDI-19-019
ZDI-19-120

Affected Products

Cx-One
Cx-Protocol