PT-2022-4259 · Omron · Omron Cx-One

Xina1I

Published

2022-01-14

Updated

2022-03-17

CVE-2022-21137

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Omron CX-One versions 4.60 and prior

Description The issue is caused by a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. This can be exploited by a remote attacker.

Recommendations For Omron CX-One versions 4.60 and prior, update to a version later than 4.60 to resolve the issue. As a temporary workaround, consider restricting the processing of specific project files that may trigger the buffer overflow until a patch is available.

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2022-05109

CVE-2022-21137

ZDI-22-373

ZDI-22-374

Affected Products

Omron Cx-One

PT-2022-4259 · Omron · Omron Cx-One

CVE-2022-21137

Weakness Enumeration

Related Identifiers

Affected Products

References · 9