CVE-2022-43509

Omron CX-One CX-Programmer CXP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.

Existe una vulnerabilidad de escritura fuera de los límites en CX-Programmer v.9.77 y versiones anteriores, que puede provocar la divulgación de información y/o la ejecución de código arbitrario al pedirle a un usuario que abra un archivo CXP especialmente manipulado.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

*Credits: xina1i

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-22 CVE Reserved
2022-12-07 CVE Published
2024-06-29 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (2)

URL	Tag	Source
https://jvn.jp/en/vu/JVNVU92877622/index.html	Third Party Advisory
https://jvn.jp/vu/JVNVU92877622/index.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Omron Search vendor "Omron"		Cx-programmer Search vendor "Omron" for product "Cx-programmer"				<= 9.77 Search vendor "Omron" for product "Cx-programmer" and version " <= 9.77"		-		Affected