20 matches found
CVE-2019-18251
CVE-2019-18251 affects Omron CX-Supervisor (versions 3.5 (12) and earlier) where CX-Supervisor ships with TeamViewer 5.0.8703 QS. The issue is a vulnerability in the bundled TeamViewer, described as an obsolete-function flaw that requires user interaction to exploit (CWE-477 per ICS update; ZDI c...
CVE-2018-19015
The CVE-2018-19015 issue affects OMRON CX-Supervisor (versions up to 3.42) via project-file parsing. The root cause is improper validation of user-supplied strings, enabling an attacker to inject commands and create/write/read files, potentially executing code with the application’s privileges. D...
CVE-2018-7525
CVE-2018-7525 affects Omron CX-Supervisor up to version 3.30. The issue is an untrusted pointer dereference triggered when parsing malformed input (CDM files) or processing a malformed packet by a specific executable, as described in the connected ZDI advisory. The vulnerability could allow arbit...
CVE-2018-19020
CX-Supervisor (Omron) is affected by CVE-2018-19020: in versions 3.42 and prior, processing project files with a tampered offset allows an out-of-bounds read (information disclosure). The root cause is reading beyond an array due to offset manipulation during file parsing. Impact is information d...
CVE-2021-20836
CX-Supervisor (Omron) is affected by CVE-2021-20836, an out-of-bounds read in versions v4.0.0.13 and v4.0.0.16. An attacker with administrative privileges can cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project file. The NVD entry confirms the...
CVE-2018-19018
CVE-2018-19018 affects Omron CX-Supervisor (versions 3.42 and earlier). The vulnerability is an access of an uninitialized pointer that can cause a type confusion when processing project files, enabling an attacker to craft a project file to execute code with the application’s privileges. The is...
CVE-2018-7513
OMRON CX-Supervisor vulnerability CVE-2018-7513: A stack-based buffer overflow in parsing malformed SCS project files affects CX-Supervisor 3.30 and earlier. The ZDI advisory indicates remote code execution is possible, with exploitation requiring user interaction (target must visit a malicious p...
CVE-2018-17913
CVE-2018-17913 is a type confusion vulnerability in Omron CX-Supervisor (versions 3.4.1.0 and earlier). The issue arises during processing of project files (notably SCS/PAG file handling) leading to code execution in the vulnerable process. Exploitation is remote in concept but requires user inte...
CVE-2018-19017
CVE-2018-19017 pertains to OMRON CX-Supervisor (versions ≤ 3.42). The issue is a use-after-free in the SCS/project file parsing path where the software may reference freed memory while processing project files, enabling remote code execution. Exploitation appears tied to opening or processing a m...
CVE-2018-19013
Omron CX-Supervisor CVE-2018-19013 affects CX-Supervisor versions 3.42 and earlier. The vulnerability arises from command injection during processing of a crafted project file, allowing an attacker to delete files or their contents on the device. Public details from connected sources describe exp...
CVE-2018-7515
OMRON CX-Supervisor CVE-2018-7515 affects CX-Supervisor, versions 3.30 and earlier. The flaw is an uninitialized pointer that can be triggered during parsing of malformed SCS project files, allowing remote code execution under the process context. ZDI advisories confirm remote code execution via ...
CVE-2018-7517
CVE-2018-7517 relates to Omron CX-Supervisor, where parsing malformed SCS project files can trigger an out-of-bounds write in the file parsing code (affecting CX-Supervisor versions 3.30 and prior; ICS update notes 3.40 and prior). The vulnerability potentially enables remote code execution when ...
CVE-2018-19011
Omron CX-Supervisor is affected (versions 3.42 and prior). The vulnerability, CVE-2018-19011, allows code execution by processing a project file that contains injected code, enabling an attacker to run code with the application’s privileges. Public disclosures and advisories (ZDI, ICS-CERT/ICSA-1...
CVE-2018-19019
CVE-2018-19019 is an OMRON CX-Supervisor vulnerability in CX-Supervisor prior to 3.5.0.11 involving a type confusion during processing of project files (SCS handling). The flaw can allow code execution in the context of the application when a specially crafted project file is processed; user inte...
CVE-2018-17909
CVE-2018-17909 corresponds to a Use-After-Free vulnerability in Omron CX-Supervisor’s file parsing routines (SCS file processing), where the application fails to verify the existence of an object before operating on it. This condition can allow code execution in the context of the affected proces...
CVE-2018-7519
CVE-2018-7519 affects Omron CX-Supervisor, with a heap-based overflow in SCS project-file parsing. The flaw exists in CX-Supervisor versions 3.30 and earlier; the ZDI advisory confirms remote code execution is possible, requiring user interaction (the target must open a malicious fil...
CVE-2018-7521
CVE-2018-7521 concerns Omron CX-Supervisor (versions 3.30 and earlier) with a use-after-free in the parsing/processing of project files (SCS/SCS-like). The ZDI advisories describe multiple use-after-free conditions in parsing various CX-Supervisor project/file formats that allow remote attackers ...
CVE-2018-7523
CVE-2018-7523 affects Omron CX-Supervisor (SCS) parsing of project files, causing a double-free vulnerability. The ZDI advisory confirms remote code execution when a crafted project file is parsed, with user interaction required (visit a malicious page or open a malicious file). Affected versions...
CVE-2018-17907
CVE-2018-17907 is an Out-of-Bounds Read vulnerability in Omron CX-Supervisor (versions 3.4.1.0 and prior). When processing project files and tampering with the value of an offset, the application can read outside an array. Impact: potential information disclosure; exploitation details emphasize l...
CVE-2018-17905
CVE-2018-17905 affects Omron CX-Supervisor (v3.4.1.0 and earlier). The issue is memory corruption during SCS file processing (tampering with a specific byte) within a vulnerable object, leading to potential code execution. ZDI-18-1287 confirms remote code execution with user interaction required ...