CVE-2018-8834: Buffer Overflow
First published: Tue Apr 17 2018(Updated: )
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron Cx-flnet | <=1.00 | |
| Omron CX-One | <=4.42 | |
| Omron CX-Programmer | <=9.65 | |
| Omron Cx-protocol | <=1.992 | |
| Omron Cx-server | <=5.0.22 | |
| Omron Network Configurator | <=3.63 | |
| Omron Switch Box Utility | <=1.68 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8834?
CVE-2018-8834 is a vulnerability that allows an attacker to execute arbitrary code or cause a denial of service by exploiting the parsing of malformed project files in Omron CX-One versions 4.42 and prior.
Which applications are affected by CVE-2018-8834?
The affected applications include CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, and Network Configurator versions 3.63 and prior.
What is the severity of CVE-2018-8834?
CVE-2018-8834 has a severity score of 7.8 (high).
How can I fix CVE-2018-8834?
To fix CVE-2018-8834, it is recommended to update to the latest version of Omron CX-One and the affected applications.
Where can I find more information about CVE-2018-8834?
More information about CVE-2018-8834 can be found at the following reference link: https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/author
- agent/event
- agent/description
- agent/tags
- vendor/omron
- canonical/omron cx-flnet
- version/omron cx-flnet/1.00
- canonical/omron cx-one
- version/omron cx-one/4.42
- canonical/omron cx-programmer
- version/omron cx-programmer/9.65
- canonical/omron cx-protocol
- version/omron cx-protocol/1.992
- canonical/omron cx-server
- version/omron cx-server/5.0.22
- canonical/omron network configurator
- version/omron network configurator/3.63
- canonical/omron switch box utility
- version/omron switch box utility/1.68