Description
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02
Scores
CVSS v3
7.8
EPSS
0.0011
EPSS Percentile
29.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-122
CWE-787
Status
published
Products (7)
omron/cx-flnet
< 1.00
omron/cx-one
< 4.42
omron/cx-programmer
< 9.65
omron/cx-protocol
< 1.992
omron/cx-server
< 5.0.22
omron/network_configurator
< 3.63
omron/switch_box_utility
< 1.68
Published
Apr 17, 2018
Tracked Since
Feb 18, 2026