9 matches found
CVE-2020-27257
CVE-2020-27257 concerns a type-confusion in Omron CX-One’s CX-Protocol/PSW file parsing, affecting CX-One 4.60 and earlier. ZDI confirms a remote-code-execution route via PSW parsing with user interaction required (visit a malicious page/open a crafted file). The ICS advisory lists updates: CX-Pr...
CVE-2021-27413
CVE-2021-27413 (Omron CX-One) affects CX-One up to v4.60 and CX-Server up to v5.0.29.0. A flaw in parsing NCI files within the CX-Position component causes a stack-based buffer overflow, enabling arbitrary code execution. ZDI describes remote code execution with attacker-controlled data in NCI pa...
CVE-2018-7514
CVE-2018-7514 affects Omron CX-One 4.42 and earlier, including CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, and Switch Box Utility. Multiple sources describe a stack-based (and in some cases heap-based) buffer overflow caused by processing malformed project files or cert...
CVE-2018-18993
CVE-2018-18993 relates to two stack-based buffer overflow vulnerabilities in Omron CX-One (CX-Position module) affecting CX-One v4.42 and earlier, including CX-Programmer v9.66 and earlier and CX-Server v5.0.23 and earlier. The flaws occur when processing project files, allowing input data to exc...
CVE-2018-7530
The CVE-2018-7530 issue is a Type Confusion in Omron CX-One and its integrated apps (e.g., CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility) triggered by parsing malformed project files. This can cause the pointer to call an incorrect object, leading to an...
CVE-2020-27261
Omron CX-One (versions 4.60 and earlier) contains a stack-based buffer overflow in the CX-One CX-Position component (NCI file parsing) caused by inadequate input validation of NCI configuration data, enabling remote arbitrary code execution. Affected apps include CX-Protocol (≤2.02), CX-Server (≤...
CVE-2018-18989
The CVE-2018-18989 issue in Omron CX-One involves a use-after-free in CX-One’s CX-Programmer (v9.66 and earlier) and CX-Server (v5.0.23 and earlier) when processing project files. The vulnerability arises from not verifying references to freed memory, enabling an attacker to craft a project file ...
CVE-2018-8834
CVE-2018-8834 affects Omron CX-One and integrated tools (CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility). The issue is a heap-based buffer overflow caused by improper input handling while parsing project/configuration data (e.g., FLN/NVF/Version/Node Nam...
CVE-2020-27259
The CVE-2020-27259 issue affects Omron CX-One (versions 4.60 and prior), arising from an untrusted pointer dereference in CX-One’s NCI file parsing (CX-Position). This flaw can permit remote code execution, with exploitation tied to user interaction (visit a crafted page/file). The ZDI advisory s...