Cx-position Security Vulnerabilities and Issues — Cx-position CVE List

OmronCx-position

7 matches found

CVE•added 2021/02/09 2:10 p.m.•117 views

CVE-2020-27257

CVE-2020-27257 concerns a type-confusion in Omron CX-One’s CX-Protocol/PSW file parsing, affecting CX-One 4.60 and earlier. ZDI confirms a remote-code-execution route via PSW parsing with user interaction required (visit a malicious page/open a crafted file). The ICS advisory lists updates: CX-Pr...

7.8CVSS8AI score0.00525EPSS

CVE•added 2022/04/01 10:17 p.m.•82 views

CVE-2022-26419

CVE-2022-26419 affects Omron CX-Position (versions 2.5.3 and earlier). The vulnerability stems from stack-based buffer overflows during parsing of a specific project file (NCI/CX-Position files), caused by insufficient validation when copying user-controlled data into fixed-size buffers. This can...

7.8CVSS7.9AI score0.00677EPSS

CVE•added 2022/04/01 10:17 p.m.•77 views

CVE-2022-26417

CVE-2022-26417 affects Omron CX-Position (versions 2.5.3 and prior) and is caused by a use-after-free in parsing a specific project file (NCI). This could allow code execution in the context of the affected process. Mitigation: Omron released Version 2.5.4. Public exploit details are not provided...

7.8CVSS7.9AI score0.00279EPSS

CVE•added 2022/04/01 10:17 p.m.•76 views

CVE-2022-26022

CVE-2022-26022 affects Omron CX-Position (versions 2.5.3 and prior). The issue is an out-of-bounds write that occurs while processing a specific project file (NCI file), enabling arbitrary code execution in the context of the compromised process. Public sources consistently describe it as a memor...

7.8CVSS7.9AI score0.00205EPSS

CVE•added 2022/04/01 10:17 p.m.•70 views

CVE-2022-25959

Summary: CVE-2022-25959 affects Omron CX-Position, version 2.5.3 and earlier. The issue is a memory corruption vulnerability that occurs while parsing a specific project file (NCI file) in the CX-Position module, which can allow an attacker to execute arbitrary code. Affected component: CX-Positi...

7.8CVSS8AI score0.00205EPSS

CVE•added 2021/02/09 2:9 p.m.•45 views

CVE-2020-27261

Omron CX-One (versions 4.60 and earlier) contains a stack-based buffer overflow in the CX-One CX-Position component (NCI file parsing) caused by inadequate input validation of NCI configuration data, enabling remote arbitrary code execution. Affected apps include CX-Protocol (≤2.02), CX-Server (≤...

8.8CVSS8.9AI score0.01685EPSS

CVE•added 2021/02/09 2:9 p.m.•40 views

CVE-2020-27259

The CVE-2020-27259 issue affects Omron CX-One (versions 4.60 and prior), arising from an untrusted pointer dereference in CX-One’s NCI file parsing (CX-Position). This flaw can permit remote code execution, with exploitation tied to user interaction (visit a crafted page/file). The ZDI advisory s...

8.8CVSS8.9AI score0.00476EPSS