CVE-2018-17909
Published 2018-11-05
Priority P337 · high · 7.8 · CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.63% (73.2th percentile)
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| omron | cx-supervisor | <= 3.4.1.0 | — |
| omron | cx-supervisor | — | — |
CVSS provenance
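| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |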
GHSA
GHSA-5j3q-fm57-p88f: When processing project files in Omron CX-Supervisor Versions 3
ghsa_unreviewed·2022-05-13
CVE-2018-17909 [HIGH] CWE-416 GHSA-5j3q-fm57-p88f: When processing project files in Omron CX-Supervisor Versions 3
CISA ICS
Omron CX-Supervisor (Update A)
cisa_ics·2018-10-17·CVSS 7.8
[HIGH] Omron CX-Supervisor (Update A)
ICS Advisory
## Omron CX-Supervisor (Update A)
Last Revised: January 31, 2019
Alert Code: ICSA-18-290-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.0
- Vendor: Omron
- Equipment: CX-Supervisor
- Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-290-01 Omron CX-Supervisor that was published October 17, 2018, on the NCCIC/ICS-CERT website.
## 3. RISK EVALUATION
Successful exploitation of thes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.