Buffer Overflow Vulnerability in CX-Supervisor by Schneider Electric
CVE-2018-19020

5 MEDIUM

Key Information:

Vendor: ICS-CERT
CVE Published: 12 February 2019

What is CVE-2018-19020?

A buffer overflow vulnerability in CX-Supervisor version 3.42 and earlier can be triggered through manipulated project files. By tampering with an offset value, an attacker can cause the application to read beyond the boundaries of an array. This flaw could lead to unauthorized access to memory and result in various security issues, so users should apply the available patches and updates.

Affected Version(s)

CX-Supervisor Versions 3.42 and prior

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
