The vulnerability of the software package for creating the CX-Position position control system, the software package for describing procedures for serial data exchange between standard CX-Protocol devices, and the device compatibility system between Omron CX-Servers included in the Omron CX-One software suite, allows a hacker to execute arbitrary code.

🗓️ 28 Jan 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerabilities in Omron CX-One components allow arbitrary code execution due to unchecked pointer reassignment.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2020-27259	8 Jan 202114:38	–	circl
CNNVD	Omron CX-One and CX-Protocol Security Vulnerabilities	7 Jan 202100:00	–	cnnvd
CVE	CVE-2020-27259	9 Feb 202114:09	–	cve
Cvelist	CVE-2020-27259 Omron CX-One	9 Feb 202114:09	–	cvelist
EUVD	EUVD-2020-19772	7 Oct 202500:30	–	euvd
ICS	Omron CX-One	7 Jan 202100:00	–	ics
NVD	CVE-2020-27259	9 Feb 202115:15	–	nvd
Prion	Code injection	9 Feb 202115:15	–	prion
Zero Day Initiative	Omron CX-One NCI File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability	10 Feb 202100:00	–	zdi

Vulners

Node

omron_electronics_llc cx-oneMatch4.40

OR

omron_electronics_llc cx-oneMatch4.41

OR

omron_electronics_llc cx-oneMatch4.42

OR

omron_electronics_llc cx-oneMatch4.6

OR

omron_electronics_llc omron_cx-serverRange<5.0.29

OR

omron_electronics_llc omron_cx-protocolRange<2.03

OR

omron_electronics_llc omron_cx-positionRange<2.53

Source	Link
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021010805
ics-cert	www.ics-cert.us-cert.gov/advisories/icsa-21-007-02
web	www.web.nvd.nist.gov/view/vuln/detail

30 Nov 2021 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 38.8

CVSS 210

EPSS0.00476

Omron software suite position control package protocol data package servers compatibility system remote code execution pointer reassignment flaw