CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17905 – OMRON CX-Supervisor SCS File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17905
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. Al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores y falsificando un byte en concreto, podría ocurrir una corrupción de memoria en un objeto específico. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17913 – OMRON Industrial Automation CX-Supervisor CSNewDataSets Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17913
A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. Existe una vulnerabilidad de confusión de tipos al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores, lo que podría permitir que un atacante ejecute código en el contexto de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PAG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7523 – OMRON CX-Supervisor SCS Scatter Chart Object Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7523
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el análisis de archivos de proyecto mal formados puede provocar una vulnerabilidad de doble liberación (double free). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCS project files. When parsing a malformed scatter chart object, the process does not properly validate the existence of an object prior to performing operations on it. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-415: Double Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7513 – OMRON CX-Supervisor SCS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7513
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el análisis de archivos de proyecto mal formados puede provocar un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7517 – OMRON CX-Supervisor SCS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7517
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el análisis de archivos de proyecto mal formados puede provocar una vulnerabilidad fuera de límites. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-787: Out-of-bounds Write •