Omron CX-Supervisor Multiple Security Vulnerabilities
BID:103970
Info
| Bugtraq ID: | 103970 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2018-8834, CVE-2018-7514, CVE-2018-7530 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2018 12:00AM |
| Updated: | Apr 10 2018 12:00AM |
| Credit: | rgod working with Trend Micro's Zero Day Initiative |
| Vulnerable: | Omron Switch Box Utility 1.68, Omron Network Configurator 3.63, Omron CX-Server 5.0.22, Omron CX-Protocol 1.992, Omron CX-Programmer 9.65, Omron CX-One 4.42, Omron CX-FLnet 1.00 |
| Not Vulnerable: | Omron Switch Box Utility 1.69, Omron Network Configurator 3.64, Omron CX-Server 5.0.23, Omron CX-Protocol 1.993, Omron CX-Programmer 9.66, Omron CX-FLnet 1.10 |
Discussion
Omron CX-Supervisor is prone to the following security vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
3. A security vulnerability
An attacker can exploit these issues to execute arbitrary code in the context of the application, or cause a denial-of-service condition.
The following products are affected:
- CX-One versions 4.42 and prior
- CX-FLnet versions 1.00 and prior
- CX-Protocol versions 1.992 and prior
- CX-Programmer versions 9.65 and prior
- CX-Server versions 5.0.22 and prior
- Network Configurator versions 3.63 and prior
- Switch Box Utility versions 1.68 and prior
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Omron Homepage (Omron)
- ICSA-18-100-02: Omron CX-One (ICS-CERT)