CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7521 – OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7521
In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. En las versiones 3.30 y anteriores de Omron CX-Supervisor, se pueden explotar vulnerabilidades de uso de memoria previamente liberada cuando CX Supervisor analiza un archivo de proyecto especialmente manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7517 – OMRON CX-Supervisor SCS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7517
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el análisis de archivos de proyecto mal formados puede provocar una vulnerabilidad fuera de límites. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7525 – OMRON CX-Supervisor CDM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7525
In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el procesamiento de un paquete mal formado por parte de cierto ejecutable puede provocar una vulnerabilidad de desreferencia de puntero no fiable. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CDM file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7519 – OMRON CX-Supervisor SCS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7519
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el análisis de archivos de proyecto mal formados puede provocar un desbordamiento de búfer basado en memoria dinámica (heap). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SCS project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7523 – OMRON CX-Supervisor SCS Scatter Chart Object Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7523
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el análisis de archivos de proyecto mal formados puede provocar una vulnerabilidad de doble liberación (double free). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCS project files. When parsing a malformed scatter chart object, the process does not properly validate the existence of an object prior to performing operations on it. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-415: Double Free •