Memory Management Flaw in Omron CX-Programmer and Common Components
CVE-2019-6556

6.6MEDIUM

Key Information:

Vendor: Omron
Status: Cx-programmer Within Cx-one
Vendor: CVE Published:; 10 April 2019

What is CVE-2019-6556?

The Omron CX-Programmer and Common Components are susceptible to a memory management vulnerability that occurs during the processing of project files. Specifically, the software does not adequately check for references to freed memory, allowing an attacker to craft a malicious project file that could exploit this flaw. If executed, this could lead to arbitrary code execution under the application’s privileges, potentially compromising system integrity. Organizations should review the relevant advisories and implement the necessary updates to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CX-Programmer within CX-One CX-Programmer v9.70 and prior and Common Components January 2019 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-19-344/

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2019
Vulnerability Reserved
Jan 22, 2019

JSON

Omron