Buffer Overflow Vulnerability in Omron CX-One and Associated Applications
CVE-2018-7514

7.8HIGH

Key Information:

Vendor: Ics-cert
Status: Omron Cx-one
Vendor: CVE Published:; 17 April 2018

What is CVE-2018-7514?

The vulnerability arises from parsing malformed project files in Omron CX-One software versions 4.42 and earlier. This flaw can lead to a stack-based buffer overflow, potentially allowing attackers to execute arbitrary code or manipulate system resources. Affected applications include CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, and Switch Box Utility. Users of these applications should take immediate action to update or secure their systems to mitigate risks.

Affected Version(s)

Omron CX-One The following versions of CX-One are affected: CX-One Versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior.

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2018
Vulnerability Reserved
Feb 26, 2018

CVE-2018-7514 Data

JSON

Ics-cert

What is CVE-2018-7514?

Affected Version(s)

References

CVSS V3.1

Timeline