Page 4 of 19 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. En las versiones 3.30 y anteriores de Omron CX-Supervisor, se pueden explotar vulnerabilidades de uso de memoria previamente liberada cuando CX Supervisor analiza un archivo de proyecto especialmente manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el análisis de archivos de proyecto mal formados puede provocar un desbordamiento de búfer basado en memoria dinámica (heap). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SCS project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets. En las versiones 3.30 y anteriores de Omron CX-Supervisor, se puede explotan vulnerabilidades de acceso de puntero no inicializado cuando CX-Supervisor llama de forma indirecta a un puntero no inicializado al analizar paquetes mal formados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper initialization of a pointer prior to accessing it. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-256: Plaintext Storage of a Password CWE-824: Access of Uninitialized Pointer •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. En las versiones 3.30 y anteriores de Omron CX-Supervisor, el procesamiento de un paquete mal formado por parte de cierto ejecutable puede provocar una vulnerabilidad de desreferencia de puntero no fiable. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CDM file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • http://www.securityfocus.com/bid/103394 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •