7 matches found
CVE-2020-27257
CVE-2020-27257 concerns a type-confusion in Omron CX-One’s CX-Protocol/PSW file parsing, affecting CX-One 4.60 and earlier. ZDI confirms a remote-code-execution route via PSW parsing with user interaction required (visit a malicious page/open a crafted file). The ICS advisory lists updates: CX-Pr...
CVE-2018-7514
CVE-2018-7514 affects Omron CX-One 4.42 and earlier, including CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, and Switch Box Utility. Multiple sources describe a stack-based (and in some cases heap-based) buffer overflow caused by processing malformed project files or cert...
CVE-2018-7530
The CVE-2018-7530 issue is a Type Confusion in Omron CX-One and its integrated apps (e.g., CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility) triggered by parsing malformed project files. This can cause the pointer to call an incorrect object, leading to an...
CVE-2018-19027
CVE-2018-19027 affects Omron CX-One CX-Protocol (2.0 and earlier) within CX-One 4.50 and earlier. The vulnerability is a type confusion caused by improper parsing of project files, enabling an attacker to execute arbitrary code in the context of the affected application. Some sources indicate rem...
CVE-2020-27261
Omron CX-One (versions 4.60 and earlier) contains a stack-based buffer overflow in the CX-One CX-Position component (NCI file parsing) caused by inadequate input validation of NCI configuration data, enabling remote arbitrary code execution. Affected apps include CX-Protocol (≤2.02), CX-Server (≤...
CVE-2018-8834
CVE-2018-8834 affects Omron CX-One and integrated tools (CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility). The issue is a heap-based buffer overflow caused by improper input handling while parsing project/configuration data (e.g., FLN/NVF/Version/Node Nam...
CVE-2020-27259
The CVE-2020-27259 issue affects Omron CX-One (versions 4.60 and prior), arising from an untrusted pointer dereference in CX-One’s NCI file parsing (CX-Position). This flaw can permit remote code execution, with exploitation tied to user interaction (visit a crafted page/file). The ZDI advisory s...