CVE-2018-8834
Published: 2018-04-17
Priority: P3 · 38 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% (23.5th percentile)
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | omron_cx-one | — | — |
| omron | cx-flnet | <= 1.00 | — |
| omron | cx-one | <= 4.42 | — |
| omron | cx-programmer | <= 9.65 | — |
| omron | cx-protocol | <= 1.992 | — |
| omron | cx-server | <= 5.0.22 | — |
| omron | network_configurator | <= 3.63 | — |
| omron | switch_box_utility | <= 1.68 | — |
CVSS provenance
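| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |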
GHSA
GHSA-qm7h-hvgh-53wq: Parsing malformed project files in Omron CX-One versions 4
ghsa_unreviewed·2022-05-13
CVE-2018-8834 [HIGH] CWE-787 GHSA-qm7h-hvgh-53wq: Parsing malformed project files in Omron CX-One versions 4
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
CISA ICS
Omron CX-One
cisa_ics·2018-04-10·CVSS 7.8
[HIGH] Omron CX-One
ICS Advisory
## Omron CX-One
Last Revised: April 10, 2018
Alert Code: ICSA-18-100-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.3
- ATTENTION: Low skill level to exploit.
- Vendor: Omron
- Equipment: CX-One
- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Type Confusion.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of CX-One are affected:
- CX-One Versions 4.42 and prior, including the following applications:
- CX-FLnet versions 1.00 and
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.