OMRON CX-Supervisor vulnerable to out-of-bounds read


CX-Supervisor provided by OMRON Corporation contains an out-of-bounds read vulnerability (CWE-125, CVE-2021-20836).

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.5 (Medium) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products

OMRON Corporation
  • CX-Supervisor v4.0.0.13
  • CX-Supervisor v4.0.0.16

The developer states that validation on v4.0.0.13 and v4.0.0.16 was conducted and the vulnerability was confirmed on those versions. However other versions may be affected by this vulnerability. CX-Supervisor is the product sold outside Japan.

If a user of the product has access to change system settings and opens a specially crafted SCS project file, information disclosure and/or arbitrary code execution may occur.

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer released the following version that contains the fix for this vulnerability.

* CX-Supervisor

Vendor Information

OMRON Corporation
CWE (What is CWE?)

  1. Out-of-bounds Read(CWE-125) [Other]
CVE (What is CVE?)

  1. CVE-2021-20836

  1. JVN : JVNVU#90041391
  2. National Vulnerability Database (NVD) : CVE-2021-20836
Revision History

  • [2021/10/18]
      Web page was published
  • [2021/11/01]
      References : Content was added