Lucene search
K
OmronCx-server

9 matches found

CVE
CVE
added 2021/02/09 2:10 p.m.127 views

CVE-2020-27257

CVE-2020-27257 concerns a type-confusion in Omron CX-One’s CX-Protocol/PSW file parsing, affecting CX-One 4.60 and earlier. ZDI confirms a remote-code-execution route via PSW parsing with user interaction required (visit a malicious page/open a crafted file). The ICS advisory lists updates: CX-Pr...

7.8CVSS8AI score0.01781EPSS
CVE
CVE
added 2021/05/13 6:56 p.m.71 views

CVE-2021-27413

CVE-2021-27413 (Omron CX-One) affects CX-One up to v4.60 and CX-Server up to v5.0.29.0. A flaw in parsing NCI files within the CX-Position component causes a stack-based buffer overflow, enabling arbitrary code execution. ZDI describes remote code execution with attacker-controlled data in NCI pa...

7.8CVSS7.9AI score0.09987EPSS
CVE
CVE
added 2018/04/17 7:0 p.m.68 views

CVE-2018-7514

CVE-2018-7514 affects Omron CX-One 4.42 and earlier, including CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, and Switch Box Utility. Multiple sources describe a stack-based (and in some cases heap-based) buffer overflow caused by processing malformed project files or cert...

7.8CVSS7.5AI score0.00318EPSS
CVE
CVE
added 2018/12/04 10:0 p.m.62 views

CVE-2018-18993

CVE-2018-18993 relates to two stack-based buffer overflow vulnerabilities in Omron CX-One (CX-Position module) affecting CX-One v4.42 and earlier, including CX-Programmer v9.66 and earlier and CX-Server v5.0.23 and earlier. The flaws occur when processing project files, allowing input data to exc...

7.8CVSS8AI score0.01754EPSS
CVE
CVE
added 2018/04/17 7:0 p.m.57 views

CVE-2018-7530

The CVE-2018-7530 issue is a Type Confusion in Omron CX-One and its integrated apps (e.g., CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility) triggered by parsing malformed project files. This can cause the pointer to call an incorrect object, leading to an...

7.8CVSS7.5AI score0.00331EPSS
CVE
CVE
added 2021/02/09 2:9 p.m.55 views

CVE-2020-27261

Omron CX-One (versions 4.60 and earlier) contains a stack-based buffer overflow in the CX-One CX-Position component (NCI file parsing) caused by inadequate input validation of NCI configuration data, enabling remote arbitrary code execution. Affected apps include CX-Protocol (≤2.02), CX-Server (≤...

8.8CVSS8.9AI score0.07612EPSS
CVE
CVE
added 2018/12/04 10:0 p.m.54 views

CVE-2018-18989

The CVE-2018-18989 issue in Omron CX-One involves a use-after-free in CX-One’s CX-Programmer (v9.66 and earlier) and CX-Server (v5.0.23 and earlier) when processing project files. The vulnerability arises from not verifying references to freed memory, enabling an attacker to craft a project file ...

7.8CVSS7.6AI score0.01627EPSS
CVE
CVE
added 2018/04/17 7:0 p.m.54 views

CVE-2018-8834

CVE-2018-8834 affects Omron CX-One and integrated tools (CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility). The issue is a heap-based buffer overflow caused by improper input handling while parsing project/configuration data (e.g., FLN/NVF/Version/Node Nam...

7.8CVSS7.5AI score0.00318EPSS
CVE
CVE
added 2021/02/09 2:9 p.m.52 views

CVE-2020-27259

The CVE-2020-27259 issue affects Omron CX-One (versions 4.60 and prior), arising from an untrusted pointer dereference in CX-One’s NCI file parsing (CX-Position). This flaw can permit remote code execution, with exploitation tied to user interaction (visit a crafted page/file). The ZDI advisory s...

8.8CVSS8.9AI score0.02669EPSS