CVE-2018-17913

HIGH

Omron CX-Supervisor <3.4.1.0 - Code Injection

Title source: llm

Description

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.

References (2)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105691

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 40.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (1)

omron/cx-supervisor < 3.4.1.0

Published Nov 05, 2018

Tracked Since Feb 18, 2026