Skip to main content

Cx Supervisor CVE-2018-17907

LOW
Buffer Overflow (CWE-119)
2018-11-05 ics-cert@hq.dhs.gov
3.3
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 05, 2018 - 23:29 nvd
LOW 3.3

DescriptionNVD

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array.

AnalysisAI

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. Affected products include: Omron Cx-Supervisor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2019-18251 HIGH
8.8 Nov 26

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. Rate

CVE-2018-17913 HIGH
7.8 Nov 05

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, w

CVE-2018-17909 HIGH
7.8 Nov 05

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is

CVE-2018-17905 HIGH
7.8 Nov 05

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memo

CVE-2021-20836 MEDIUM
6.5 Oct 19

Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privile

CVE-2018-7525 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untru

CVE-2018-7523 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. R

CVE-2018-7521 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parse

CVE-2018-7519 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.

CVE-2018-7517 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability

CVE-2018-7515 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX

CVE-2018-7513 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.

Share

CVE-2018-17907 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy