CVE-2018-17909

HIGH

Omron CX-Supervisor <3.4.1.0 - Use After Free

Title source: llm

Description

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.

References (2)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105691

Scores

CVSS v3 7.8
EPSS 0.0163
EPSS Percentile 73.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
omron/cx-supervisor < 3.4.1.0
Published Nov 05, 2018
Tracked Since Feb 18, 2026