CVE-2018-19027: Incorrect Type Cast
First published: Wed Jan 30 2019(Updated: )
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron CX-One | <=4.50 | |
| Omron Cx-protocol | <=2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the type confusion vulnerabilities in CX-One and CX-Protocol?
The vulnerability ID is CVE-2018-19027.
What are the affected software versions?
The affected software versions are CX-One Versions up to and including 4.50 and CX-Protocol Versions up to and including 2.0.
What is the severity rating of CVE-2018-19027?
CVE-2018-19027 has a severity rating of 7.8 (High).
How can an attacker exploit the vulnerabilities?
An attacker can exploit the vulnerabilities by using a specially crafted project file.
What privileges can an attacker gain when exploiting CVE-2018-19027?
An attacker can execute code under the privileges of the application.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/omron
- canonical/omron cx-one
- version/omron cx-one/4.50
- canonical/omron cx-protocol
- version/omron cx-protocol/2.0