CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19019 – OMRON CX-Supervisor SCS File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19019
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. Existe una vulnerabilidad de confusión de tipo cuando se procesan archivos de proyecto en CX-Supervisor, en sus versiones 3.42 y anteriores. Un atacante podría usar un archivo de proyecto especialmente manipulado para explotar y ejecutar código con los privilegios de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. • http://www.securityfocus.com/bid/106654 https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19013 – OMRON CX-Supervisor sr3 File Parsing DeleteFile Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2018-19013
An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. Un atacante podría inyectar comandos para eliminar archivos y/o borrar el contenido de un archivo en CX-Supervisor, en sus versiones 3.42 y anteriores, mediante un archivo de proyecto especialmente manipulado. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of a user-supplied string, allowing for the deletion of any file on the system. • http://www.securityfocus.com/bid/106654 https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19011 – OMRON CX-Supervisor sr3 Code Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19011
CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. CX-Supervisor, en sus versiones 3.42 y anteriores, puede ejecutar código que se ha inyectado en un archivo de proyecto. Un atacante podría explotar esto para ejecutar código arbitrario con los privilegios de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. • http://www.securityfocus.com/bid/106654 https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19015 – OMRON CX-Supervisor sr3 File Parsing MoveFile Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2018-19015
An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. Un atacante podría inyectar comandos para ejecutar programas y crear, escribir y leer archivos en CX-Supervisor, en sus versiones 3.42 y anteriores, mediante un archivo de proyecto especialmente manipulado. Un atacante podría explotar esto para ejecutar código arbitrario con los privilegios de la aplicación. This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of OMRON CX-Supervisor. • http://www.securityfocus.com/bid/106654 https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17909 – OMRON CX-Supervisor sr3 File Parsing Script API HWND Object Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17909
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. Al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores, la aplicación no comprueba si está referenciando memoria liberada, lo que podría permitir que un atacante ejecute código bajo el contexto de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-416: Use After Free •