CVE-2018-7530

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:omron:cx-flnet::::::::
	cpe:2.3:a:omron:cx-one::::::::
	cpe:2.3:a:omron:cx-programmer::::::::
	cpe:2.3:a:omron:cx-protocol::::::::
	cpe:2.3:a:omron:cx-server::::::::
	cpe:2.3:a:omron:network_configurator::::::::
	cpe:2.3:a:omron:switch_box_utility::::::::

History

No history.

Information

Published : 2018-04-17 19:29

Updated : 2024-02-28 16:25

NVD link : CVE-2018-7530

Mitre link : CVE-2018-7530

CVE.ORG link : CVE-2018-7530

JSON object : View

Products Affected

omron

cx-server
network_configurator
cx-protocol
switch_box_utility
cx-programmer
cx-one
cx-flnet

CWE

CWE-118

Incorrect Access of Indexable Resource ('Range Error')

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

{"id": "CVE-2018-7530", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-04-17T19:29:00.387", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-118"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition."}, {"lang": "es", "value": "El an\u00e1lisis sint\u00e1ctico de archivos de proyecto mal formados en Omron CX-One, en versiones 4.42 y anteriores, incluyendo las siguientes aplicaciones: CX-FLnet, en versiones 1.00 y anteriores; CX-Protocol, en versiones 1.992 y anteriores; CX-Programmer, en versiones 9.65 y anteriores; CX-Server, en versiones 5.0.22 y anteriores; Network Configurator, en versiones 3.63 y anteriores y Switch Box Utility, en versiones 1.68 y anteriores, podr\u00eda permitir que el puntero llame a un objeto incorrecto, lo que resulta en un acceso del recurso empleando una condici\u00f3n de tipo incompatible."}], "lastModified": "2019-10-09T23:42:23.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:omron:cx-flnet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB8B3D9-646D-4D95-BCBF-65910E65669F", "versionEndIncluding": "1.00"}, {"criteria": "cpe:2.3:a:omron:cx-one:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C1865E7-6B16-4F3F-9F49-CFA81A09FAF3", "versionEndIncluding": "4.42"}, {"criteria": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E51D1B1-AD65-4391-9139-7F37DD913299", "versionEndIncluding": "9.65"}, {"criteria": "cpe:2.3:a:omron:cx-protocol:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8DC4CD1-163E-4147-ACF9-5D9AED5E768F", "versionEndIncluding": "1.992"}, {"criteria": "cpe:2.3:a:omron:cx-server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5FADD4F-7551-4630-BD15-53BE7160EDA8", "versionEndIncluding": "5.0.22"}, {"criteria": "cpe:2.3:a:omron:network_configurator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "712C5D5F-BA56-4072-99E5-3590DBE51564", "versionEndIncluding": "3.63"}, {"criteria": "cpe:2.3:a:omron:switch_box_utility:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E26D4997-1257-421A-A943-8F6BBBC40A7B", "versionEndIncluding": "1.68"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}