CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27257 – Omron CX-One
https://notcve.org/view.php?id=CVE-2020-27257
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. Esta vulnerabilidad permite a atacantes locales ejecutar código arbitrario debido a una falta de comprobación apropiada de los datos suministrados por un usuario, lo que puede resultar en una condición de confusión de tipos en Omron CX-One Versión 4.60 y dispositivos anteriores This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSW files by the CX-Protocol application. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02 https://www.zerodayinitiative.com/advisories/ZDI-21-184 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2020-27261 – Omron CX-One
https://notcve.org/view.php?id=CVE-2020-27261
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. El Omron CX-One versiones 4.60 y anteriores es vulnerable a un desbordamiento del búfer en la región stack de la memoria, lo que puede permitir a un atacante ejecutar código arbitrario remotamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI files by the CX-Position application. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02 https://www.zerodayinitiative.com/advisories/ZDI-21-183 https://www.zerodayinitiative.com/advisories/ZDI-21-185 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27259 – Omron CX-One
https://notcve.org/view.php?id=CVE-2020-27259
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. Omron CX-One versiones 4.60 y anteriores, puede permitir a un atacante suministrar un puntero a ubicaciones de memoria arbitrarias, lo que puede permitir a un atacante ejecutar código arbitrario remotamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI files by the CX-Position application. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02 https://www.zerodayinitiative.com/advisories/ZDI-21-182 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-19027 – OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19027
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. Existen tres vulnerabilidades de confusión de tipos en CX-One, en versiones 4.50 y anteriores, y en CX-Protocol, en versiones 2.0 y anteriores, durante el procesamiento de archivos de proyecto. Un atacante podría usar un archivo de proyecto especialmente manipulado para explotar y ejecutar código con los privilegios de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Protocol. • http://www.securityfocus.com/bid/106524 https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 25%CPEs: 7EXPL: 0CVE-2018-7514 – OMRON CX-One SBA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7514
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow. El análisis sintáctico de archivos de proyecto mal formados en Omron CX-One, en versiones 4.42 y anteriores, incluyendo las siguientes aplicaciones: CX-FLnet, en versiones 1.00 y anteriores; CX-Protocol, en versiones 1.992 y anteriores; CX-Programmer, en versiones 9.65 y anteriores; CX-Server, en versiones 5.0.22 y anteriores; Network Configurator, en versiones 3.63 y anteriores y Switch Box Utility, en versiones 1.68 y anteriores, podría provocar un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SBA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •