CVE-2020-27257: Omron CX-One PSW File Parsing Type Confusion Remote Code Execution Vulnerability
First published: Thu Jan 07 2021(Updated: )
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron CX-One | <=4.60 | |
| Omron CX-Position | <=2.52 | |
| Omron Cx-protocol | <=2.02 | |
| Omron Cx-server | <=5.0.28 | |
| Omron CX-One | ||
| Omron CX-One Versions 4.60 and prior, including the following applications: CX-Protocol Versions 2.02 and prior CX-Server Versions 5.0.28 and prior CX-Position Versions 2.52 and prior | ||
| Omron CX-Protocol Versions 2.02 and prior | ||
| Omron CX-Server Versions 5.0.28 and prior | ||
| Omron CX-Position Versions 2.52 and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-27257.
What is the severity of CVE-2020-27257?
The severity of CVE-2020-27257 is high with a CVSS score of 7.8.
Which software products are affected by CVE-2020-27257?
Omron CX-One, Omron CX-Position, Omron CX-Protocol, and Omron CX-Server are affected by CVE-2020-27257.
How does the vulnerability CVE-2020-27257 work?
CVE-2020-27257 is a type confusion vulnerability that allows remote attackers to execute arbitrary code on affected installations of Omron CX-One by exploiting a flaw in the parsing of PSW files.
How can CVE-2020-27257 be exploited?
To exploit CVE-2020-27257, the attacker requires the target to visit a malicious page or open a malicious PSW file.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-184
- alias/ZDI-CAN-11809
- alias/CVE-2020-27257
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ics-cert-advisory
- source/ICS
- vendor/omron
- canonical/omron cx-one
- version/omron cx-one/4.60
- canonical/omron cx-position
- version/omron cx-position/2.52
- canonical/omron cx-protocol
- version/omron cx-protocol/2.02
- canonical/omron cx-server
- version/omron cx-server/5.0.28
- canonical/omron cx-one versions 4.60 and prior, including the following applications: cx-protocol versions 2.02 and prior cx-server versions 5.0.28 and prior cx-position versions 2.52 and prior
- canonical/omron cx-protocol versions 2.02 and prior
- canonical/omron cx-server versions 5.0.28 and prior
- canonical/omron cx-position versions 2.52 and prior