Page 2 of 19 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. Un atacante podría inyectar comandos para eliminar archivos y/o borrar el contenido de un archivo en CX-Supervisor, en sus versiones 3.42 y anteriores, mediante un archivo de proyecto especialmente manipulado. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of a user-supplied string, allowing for the deletion of any file on the system. • http://www.securityfocus.com/bid/106654 https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. Un atacante podría inyectar comandos para ejecutar programas y crear, escribir y leer archivos en CX-Supervisor, en sus versiones 3.42 y anteriores, mediante un archivo de proyecto especialmente manipulado. Un atacante podría explotar esto para ejecutar código arbitrario con los privilegios de la aplicación. This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of OMRON CX-Supervisor. • http://www.securityfocus.com/bid/106654 https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. CX-Supervisor, en sus versiones 3.42 y anteriores, puede ejecutar código que se ha inyectado en un archivo de proyecto. Un atacante podría explotar esto para ejecutar código arbitrario con los privilegios de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. • http://www.securityfocus.com/bid/106654 https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. Al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores, la aplicación no comprueba si está referenciando memoria liberada, lo que podría permitir que un atacante ejecute código bajo el contexto de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. Al procesar archivos de proyecto Omron CX-Supervisor en versiones 3.4.1.0 y anteriores y falsificando el valor de un desplazamiento, un atacante puede forzar a la aplicación para que lea un valor fuera de un array. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SCS files. By manipulating a document's elements, an attacker can trigger a read past the end of an allocated array. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •