Access Control Vulnerability in Omron CX-One Software Suite
CVE-2018-7530

7.8HIGH

Key Information:

Vendor: Ics-cert
Status: Omron Cx-one
Vendor: CVE Published:; 17 April 2018

What is CVE-2018-7530?

Parsing malformed project files in Omron's CX-One software suite, specifically versions 4.42 and earlier as well as several associated applications, can lead to a situation where a pointer may call an incorrect object. This could enable unauthorized access to resources due to type incompatibility, potentially compromising system integrity and security.

Affected Version(s)

Omron CX-One The following versions of CX-One are affected: CX-One Versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior.

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2018
Vulnerability Reserved
Feb 26, 2018

CVE-2018-7530 Data

JSON

Ics-cert

What is CVE-2018-7530?

Affected Version(s)

References

CVSS V3.1

Timeline