Skip to main content

Cx Supervisor CVE-2021-20836

MEDIUM
Out-of-bounds Read (CWE-125)
2021-10-19 vultures@jpcert.or.jp
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 19, 2021 - 03:15 nvd
MEDIUM 6.5

DescriptionNVD

Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.

AnalysisAI

Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files. Affected products include: Omron Cx-Supervisor.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2019-18251 HIGH
8.8 Nov 26

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. Rate

CVE-2018-17913 HIGH
7.8 Nov 05

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, w

CVE-2018-17909 HIGH
7.8 Nov 05

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is

CVE-2018-17905 HIGH
7.8 Nov 05

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memo

CVE-2018-7525 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untru

CVE-2018-7523 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. R

CVE-2018-7521 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parse

CVE-2018-7519 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.

CVE-2018-7517 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability

CVE-2018-7515 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX

CVE-2018-7513 MEDIUM
5.3 Mar 21

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.

CVE-2018-17907 LOW
3.3 Nov 05

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offse

Share

CVE-2021-20836 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy