What is CVE-2020-27259?

CVE-2020-27259 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Omron CX-One.

How does CVE-2020-27259 work?

CVE-2020-27259 works by exploiting a flaw in the parsing of NCI files in Omron CX-One, allowing remote attackers to execute arbitrary code.

What is the severity of CVE-2020-27259?

CVE-2020-27259 has a severity rating of 8.8 (high).

Which software products are affected by CVE-2020-27259?

Omron CX-One, Omron CX-Position, Omron Cx-protocol, and Omron Cx-server versions up to inclusive 4.60, 2.52, 2.02, and 5.0.28 respectively are affected by CVE-2020-27259.

How can CVE-2020-27259 be mitigated?

To mitigate CVE-2020-27259, it is recommended to update to the latest version of the affected software and avoid visiting malicious pages or opening malicious files.

Vulnerability/
CVE-2020-27259

high

8.8

CWE

822

7/1/2021

4/8/2024

CVE-2020-27259: Omron CX-One NCI File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability

First published: Thu Jan 07 2021(Updated: )

The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Omron CX-One	<=4.60
Omron CX-Position	<=2.52
Omron Cx-protocol	<=2.02
Omron Cx-server	<=5.0.28
Omron CX-One
Omron CX-One Versions 4.60 and prior, including the following applications: CX-Protocol Versions 2.02 and prior CX-Server Versions 5.0.28 and prior CX-Position Versions 2.52 and prior
Omron CX-Protocol Versions 2.02 and prior
Omron CX-Server Versions 5.0.28 and prior
Omron CX-Position Versions 2.52 and prior

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-007-02

Frequently Asked Questions

What is CVE-2020-27259?
CVE-2020-27259 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Omron CX-One.
How does CVE-2020-27259 work?
CVE-2020-27259 works by exploiting a flaw in the parsing of NCI files in Omron CX-One, allowing remote attackers to execute arbitrary code.
What is the severity of CVE-2020-27259?
CVE-2020-27259 has a severity rating of 8.8 (high).
Which software products are affected by CVE-2020-27259?
Omron CX-One, Omron CX-Position, Omron Cx-protocol, and Omron Cx-server versions up to inclusive 4.60, 2.52, 2.02, and 5.0.28 respectively are affected by CVE-2020-27259.
How can CVE-2020-27259 be mitigated?
To mitigate CVE-2020-27259, it is recommended to update to the latest version of the affected software and avoid visiting malicious pages or opening malicious files.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
collector/zdi-advisory
source/ZDI
alias/ZDI-21-182
alias/ZDI-CAN-11807
alias/CVE-2020-27259
agent/software-canonical-lookup
agent/title
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/first-publish-date
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/event
collector/ics-cert-advisory
source/ICS
vendor/omron
canonical/omron cx-one
version/omron cx-one/4.60
canonical/omron cx-position
version/omron cx-position/2.52
canonical/omron cx-protocol
version/omron cx-protocol/2.02
canonical/omron cx-server
version/omron cx-server/5.0.28
canonical/omron cx-one versions 4.60 and prior, including the following applications: cx-protocol versions 2.02 and prior cx-server versions 5.0.28 and prior cx-position versions 2.52 and prior
canonical/omron cx-protocol versions 2.02 and prior
canonical/omron cx-server versions 5.0.28 and prior
canonical/omron cx-position versions 2.52 and prior