CVE-2018-18989 – OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-18989
In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. En CX-One, en versiones 4.42 y anteriores (CX-Programmer en versiones 9.66 y anteriores y CX-Server en versiones 5.0.23 y anteriores), al procesar archivos de proyecto, la aplicación no comprueba si se está referenciando memoria liberada. Un atacante podría emplear un archivo de proyecto manipulado para explotar y ejecutar código con los privilegios de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. • http://www.securityfocus.com/bid/106106 https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01 • CWE-416: Use After Free •
CVE-2018-18993 – OMRON CX-One CXP File Parsing Stack-based Buffer Overflow Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-18993
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. Se han descubierto dos vulnerabilidades de desbordamiento de búfer basado en pila en CX-One, en versiones 4.42 y anteriores (CX-Programmer en versiones 9.66 y anteriores y CX-Server en versiones 5.0.23 y anteriores). Al procesar archivos de proyecto, la aplicación permite que los datos de entrada excedan el búfer. • http://www.securityfocus.com/bid/106106 https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-17909 – OMRON CX-Supervisor sr3 File Parsing Script API HWND Object Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17909
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. Al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores, la aplicación no comprueba si está referenciando memoria liberada, lo que podría permitir que un atacante ejecute código bajo el contexto de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-416: Use After Free •
CVE-2018-17913 – OMRON Industrial Automation CX-Supervisor CSNewDataSets Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17913
A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. Existe una vulnerabilidad de confusión de tipos al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores, lo que podría permitir que un atacante ejecute código en el contexto de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PAG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-704: Incorrect Type Conversion or Cast •
CVE-2018-17905 – OMRON CX-Supervisor SCS File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17905
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. Al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores y falsificando un byte en concreto, podría ocurrir una corrupción de memoria en un objeto específico. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •