Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.
Omron CX-One versiones 4.60 y anteriores, son vulnerables a un desbordamiento del búfer en la región stack de la memoria mientras son procesados archivos de proyectos específicos, lo que puede permitir a un atacante ejecutar código arbitrario
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FLN files in the CX-FLnet module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
