Uninitialized Pointer Vulnerability in CX-Supervisor by Panasonic
CVE-2018-19018

7.3HIGH

Key Information:

Vendor: Ics-cert
Status: Cx-supervisor
Vendor: CVE Published:; 12 February 2019

What is CVE-2018-19018?

An access vulnerability in CX-Supervisor allows attackers to exploit uninitialized pointers, potentially leading to type confusion while processing project files. By sending a specifically crafted project file, an attacker could execute arbitrary code under the application's privileges, compromising system integrity. This vulnerability underscores the importance of ensuring that project files are handled securely to prevent unauthorized code execution.

Affected Version(s)

CX-Supervisor Versions 3.42 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2019
Vulnerability Reserved
Nov 6, 2018

CVE-2018-19018 Data

JSON

Ics-cert

What is CVE-2018-19018?

Affected Version(s)

References

CVSS V3.1

Timeline