Update Fixes Omron CX-One Holes

Tuesday, December 4, 2018 @ 03:12 PM gHale

Omron has an updated version to mitigate stack-based buffer overflow and a use after free vulnerabilities in its CX-One, according to a report from NCCIC.

Successful exploitation of these vulnerabilities, discovered by Esteban Ruiz (mr_me) of Source Incite working with Trend Micro’s Zero Day Initiative, could allow an attacker to execute code under the privileges of the application.

RELATED STORIES
Pilz Fixes Safety Controller Hole
Holes in INVT Electric VT-Designer
AVEVA Fixes Vijeo Citect, Citect SCADA Hole
Schneider Mitigations for Modicon M221 Hole

CX-One Versions 4.42 and prior, including the following applications:
• CX-Programmer Versions 9.66 and prior
• CX-Server Versions 5.0.23 and prior

In one vulnerability, two stack-based buffer overflow holes have been discovered. When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application.

CVE-2018-18993 is the case number assigned to these vulnerabilities, which has a CVSS v3 base score of 6.6.

In addition, when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

CVE-2018-18989 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.8.

The product sees use mainly in the critical manufacturing sector. It also sees action on a global basis.

No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely. An attacker with low skill level could leverage the vulnerabilities.

Japan-based Omron released an updated version of CX-One to address the reported vulnerabilities. These releases are available through the CX-One auto-update service:
• CX-Programmer Versions 9.70
• Common Module including CX-Server Version 5.0.24



Leave a Reply

You must be logged in to post a comment.