Page 8 of 90 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. Omron CX-Position (versiones 2.5.3 y anteriores) es vulnerable a una escritura fuera de límites mientras es procesado un archivo de proyecto específico, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI files in the CX-Position module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 https://www.zerodayinitiative.com/advisories/ZDI-22-581 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. Omron CX-Position (versiones 2.5.3 y anteriores) es vulnerable a una condición de uso de memoria previamente liberada mientras procesa un archivo de proyecto específico, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI files in the CX-Position module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 https://www.zerodayinitiative.com/advisories/ZDI-22-578 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. Omron CX-Position (versiones 2.5.3 y anteriores) es vulnerable a una corrupción de memoria mientras es procesado un archivo de proyecto específico, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI files in the CX-Position module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 https://www.zerodayinitiative.com/advisories/ZDI-22-577 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. Una vulnerabilidad de uso de memoria previamente liberada en CX-Programmer versiones v9.76.1 y anteriores, que forma parte de la suite CX-One (v4.60), permite a un atacante causar una divulgación de información y/o una ejecución de código arbitrario haciendo que un usuario abra un archivo CXP especialmente diseñado. Esta vulnerabilidad es diferente de CVE-2022-25230 • https://jvn.jp/en/vu/JVNVU90121984/index.html • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. Una vulnerabilidad de escritura fuera de límites en CX-Programmer versiones v9.76.1 y anteriores, que forma parte de la suite CX-One (versión v4.60), permite a un atacante causar una divulgación de información y/o la ejecución de código arbitrario haciendo que un usuario abra un archivo CXP especialmente diseñado. Esta vulnerabilidad es diferente de CVE-2022-21124 • https://jvn.jp/en/vu/JVNVU90121984/index.html • CWE-787: Out-of-bounds Write •