4 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories. La aplicación (Network Congiurator para Devicenet Safety 3.41 y priores ) busca recursos a través de una ruta de búsqueda no confiable que podría ejecutar un archivo .dll malicioso que no está bajo el control directo de la aplicación y fuera de los directorios previstos. • https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01 • CWE-426: Untrusted Search Path •

CVSS: 7.8EPSS: 25%CPEs: 7EXPL: 0

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow. El análisis sintáctico de archivos de proyecto mal formados en Omron CX-One, en versiones 4.42 y anteriores, incluyendo las siguientes aplicaciones: CX-FLnet, en versiones 1.00 y anteriores; CX-Protocol, en versiones 1.992 y anteriores; CX-Programmer, en versiones 9.65 y anteriores; CX-Server, en versiones 5.0.22 y anteriores; Network Configurator, en versiones 3.63 y anteriores y Switch Box Utility, en versiones 1.68 y anteriores, podría provocar un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SBA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition. El análisis sintáctico de archivos de proyecto mal formados en Omron CX-One, en versiones 4.42 y anteriores, incluyendo las siguientes aplicaciones: CX-FLnet, en versiones 1.00 y anteriores; CX-Protocol, en versiones 1.992 y anteriores; CX-Programmer, en versiones 9.65 y anteriores; CX-Server, en versiones 5.0.22 y anteriores; Network Configurator, en versiones 3.63 y anteriores y Switch Box Utility, en versiones 1.68 y anteriores, podría permitir que el puntero llame a un objeto incorrecto, lo que resulta en un acceso del recurso empleando una condición de tipo incompatible. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PSW files. When parsing a crafted file, the process does not properly validate user-supplied data, which can result in a type confusion condition. • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 23%CPEs: 7EXPL: 0

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow. El análisis sintáctico de archivos de proyecto mal formados en Omron CX-One, en versiones 4.42 y anteriores, incluyendo las siguientes aplicaciones: CX-FLnet, en versiones 1.00 y anteriores; CX-Protocol, en versiones 1.992 y anteriores; CX-Programmer, en versiones 9.65 y anteriores; CX-Server, en versiones 5.0.22 y anteriores; Network Configurator, en versiones 3.63 y anteriores y Switch Box Utility, en versiones 1.68 y anteriores, podría provocar un desbordamiento de búfer basado en memoria dinámica (heap). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FLN files. When parsing the Node Name field, the process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •