CVE-2018-19013

MEDIUM

CX-Supervisor < 3.42 - Command Injection via Crafted Project File

Title source: llm
STIX 2.1

Description

An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106654
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01

Scores

CVSS v3 5.0
EPSS 0.0075
EPSS Percentile 50.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-77
Status published
Products (1)
omron/cx-supervisor < 3.42
Published Jan 22, 2019
Tracked Since Feb 18, 2026