CVE-2018-17909: Use After Free
First published: Mon Nov 05 2018(Updated: )
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron CX-Supervisor | <=3.4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17909?
CVE-2018-17909 is considered a critical vulnerability due to its potential to allow attackers to execute arbitrary code.
How do I fix CVE-2018-17909?
To fix CVE-2018-17909, upgrade to Omron CX-Supervisor version 3.4.2.0 or later.
What are the risks associated with CVE-2018-17909?
The risks associated with CVE-2018-17909 include unauthorized code execution and potential system compromise.
Which versions of Omron CX-Supervisor are affected by CVE-2018-17909?
CVE-2018-17909 affects Omron CX-Supervisor versions up to and including 3.4.1.0.
Is CVE-2018-17909 actively being exploited?
As of now, there are no public reports confirming active exploitation of CVE-2018-17909, but it remains a critical concern for affected systems.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/omron
- canonical/omron cx-supervisor
- version/omron cx-supervisor/3.4.1.0