PT-2024-3704 · Omron · Sysmac Studio+1

Michael Heinzl · Published 2024-04-22 · Updated 2024-07-03 · CVE-2024-31413

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CX-One versions 4.61.1 and earlier
Sysmac Studio versions 1.56 and earlier

Description

The issue is related to the use of a function that frees a pointer not at the start of a buffer, which can be exploited to execute arbitrary code. This can be achieved by opening a specially crafted project file.

Recommendations

For CX-One versions 4.61.1 and earlier, update to a version later than 4.61.1 to resolve the issue. For Sysmac Studio versions 1.56 and earlier, update to a version later than 1.56 to resolve the issue. As a temporary workaround, consider restricting the opening of project files from untrusted sources to minimize the risk of exploitation.

Fix

Related Identifiers

BDU:2024-04050
CVE-2024-31413

Affected Products

Cx-One
Sysmac Studio