JVNDB-2024-003116
|
Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer
|
OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below.
* Out-of-bounds read (CWE-125) - CVE-2024-31412
* Free of pointer not at start of buffer (CWE-761) - CVE-2024-31413
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-31412.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-31413.
|
|
OMRON Corporation
- CX-One CXONE-AL[][]D-V4: the version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior
- CX-Programmer included in CX-One CXONE-AL[][]D-V4: Ver. 9.81 or lower
- Sysmac Studio SYSMAC-SE2[][][]: the version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior
|
For more information, refer to the information provided by the developer.
|
* Opening a specially crafted project file may lead to information disclosure and/or a crash of the product (CVE-2024-31412)
* Opening a specially crafted project file may lead to arbitrary code execution (CVE-2024-31413)
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
For details on how to obtain the update or how to update the firmware, contact the developer and/or the sales representatives.
|
OMRON Corporation
|
- Out-of-bounds Read (CWE-125) [Other]
- Free of Pointer not at Start of Buffer (CWE-761) [Other]
|
- CVE-2024-31412
- CVE-2024-31413
|
- JVN : JVNVU#98274902
|
- [2024/04/24]
Web page was published
|