CVE-2022-26022
Rockwell Automation Studio 5000 Logix Designer Out-of-Bounds Write
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.
Omron CX-Position (versiones 2.5.3 y anteriores) es vulnerable a una escritura fuera de límites mientras es procesado un archivo de proyecto específico, lo que puede permitir a un atacante ejecutar código arbitrario
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of NCI files in the CX-Position module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-21 CVE Reserved
- 2022-04-01 CVE Published
- 2024-09-17 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 | Third Party Advisory | |
https://www.zerodayinitiative.com/advisories/ZDI-22-581 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Omron Search vendor "Omron" | Cx-position Search vendor "Omron" for product "Cx-position" | <= 2.5.3 Search vendor "Omron" for product "Cx-position" and version " <= 2.5.3" | - |
Affected
|