CVE-2018-7530

Published Apr 17, 2018

Last updated 3 days ago

CVSS high 7.8

Overview

Description: Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

ics-cert@hq.dhs.gov: CWE-843
nvd@nist.gov: CWE-118

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:omron:cx-flnet:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFB8B3D9-646D-4D95-BCBF-65910E65669F",
            "versionEndIncluding": "1.00"
          },
          {
            "criteria": "cpe:2.3:a:omron:cx-one:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C1865E7-6B16-4F3F-9F49-CFA81A09FAF3",
            "versionEndIncluding": "4.42"
          },
          {
            "criteria": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E51D1B1-AD65-4391-9139-7F37DD913299",
            "versionEndIncluding": "9.65"
          },
          {
            "criteria": "cpe:2.3:a:omron:cx-protocol:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8DC4CD1-163E-4147-ACF9-5D9AED5E768F",
            "versionEndIncluding": "1.992"
          },
          {
            "criteria": "cpe:2.3:a:omron:cx-server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5FADD4F-7551-4630-BD15-53BE7160EDA8",
            "versionEndIncluding": "5.0.22"
          },
          {
            "criteria": "cpe:2.3:a:omron:network_configurator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "712C5D5F-BA56-4072-99E5-3590DBE51564",
            "versionEndIncluding": "3.63"
          },
          {
            "criteria": "cpe:2.3:a:omron:switch_box_utility:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E26D4997-1257-421A-A943-8F6BBBC40A7B",
            "versionEndIncluding": "1.68"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References