CVE-2019-6556

MEDIUM

Omron CX-Programmer < 9.70 and Common Components < 2019-01 - Use-After-Free in Project File Processing

Title source: llm
STIX 2.1

Description

When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

References (2)

Core 2
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-344/

Scores

CVSS v3 6.6
EPSS 0.0115
EPSS Percentile 63.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Details

CWE
CWE-416
Status published
Products (2)
omron/common_components < 2019-01
omron/cx-programmer < 9.70
Published Apr 10, 2019
Tracked Since Feb 18, 2026