CVE-2024-31413

2024-05-0112:54:15

jpcert

www.cve.org

cve-2024-31413

buffer overflow

cx-one

sysmac studio

arbitrary code execution

security vulnerability

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

CNA Affected

[
  {
    "vendor": "OMRON Corporation",
    "product": "CX-One CX-One CXONE-AL[][]D-V4 ",
    "versions": [
      {
        "version": "The version which was installed with a DVD ver. 4.61.1 or lower",
        "status": "affected"
      },
      {
        "version": " and was updated through CX-One V4 auto update in January 2024 or prior",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Sysmac Studio SYSMAC-SE2[][][] ",
    "versions": [
      {
        "version": "The version which was installed with a DVD ver. 1.56 or lower",
        "status": "affected"
      },
      {
        "version": " and was updated through Sysmac Studio V1 auto update in January 2024 or prior",
        "status": "affected"
      }
    ]
  }
]