Omron released an update to its fix for multiple vulnerabilities in its CX-Supervisor, according to a report by NCCIC.

The vulnerabilities are a code injection, command injection, use after free, type confusion, access of uninitialized pointer, and out-of-bounds read.

Successful exploitation of these vulnerabilities could result in a denial-of-service condition, and/or allow an attacker to achieve code execution with privileges within the context of the application.

CX-Supervisor versions 3.42 and prior suffer from the vulnerabilities, discovered by Michael DePlante of Trend Micro’s Zero Day Initiative and Esteban Ruiz (mr_me) of Source Incite, working with Trend Micro’s Zero Day Initiative.

In one issue, the application can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.

CVE-2018-19011 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, an attacker could inject commands to delete files and/or delete the contents of a file on the device through a specially crafted project file.

CVE-2018-19013 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.0.

Also, an attacker could inject commands to launch programs and create, write, and read files on the device through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.

CVE-2018-19015 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, several use-after-free vulnerabilities have been identified. When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit this and execute code under the privileges of the application.

CVE-2018-19017 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 7.3.

Also, a type confusion vulnerability exists when processing project files. An attacker could use a specially crafted project file to exploit this and execute code under the privileges of the application.

CVE-2018-19019 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, an access of uninitialized pointer vulnerability could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit this and execute code under the privileges of the application.

CVE-2018-19018 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.7.

Also, by tampering with the value of an offset in a project file, an attacker can force the application to read a value outside of an array when it processes the file.

CVE-2018-19020 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 2.8.

The product sees use mainly in the energy sector. It is also deployed on a global basis.

No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely. However, an attacker with low skill level could leverage the vulnerabilities.

Japan-based Omron released Version 3.5.0.11 of CX-Supervisor to address the reported vulnerabilities. To be protected, development projects must be upgraded and saved in the new format, then rebuilt in the latest 3.5.0.11 format.
