Vulnerability CVE-2018-7530
Published: 2018-04-17

Description:
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.

Type:

CWE-118

 (Improper Access of Indexable Resource ('Range Error'))

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Omron -> Cx-flnet 
Omron -> Cx-one 
Omron -> Cx-programmer 
Omron -> Cx-protocol 
Omron -> Cx-server 
Omron -> Network configurator 
Omron -> Switch box utility 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02
Copyright 2024, cxsecurity.com

 

Back to Top