CVE-2020-27261: Omron CX-One NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
First published: Tue Feb 09 2021(Updated: )
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron CX-One | <=4.60 | |
| Omron CX-Position | <=2.52 | |
| Omron Cx-protocol | <=2.02 | |
| Omron Cx-server | <=5.0.28 | |
| Omron CX-One | ||
| Omron CX-One Versions 4.60 and prior, including the following applications: CX-Protocol Versions 2.02 and prior CX-Server Versions 5.0.28 and prior CX-Position Versions 2.52 and prior | ||
| Omron CX-Protocol Versions 2.02 and prior | ||
| Omron CX-Server Versions 5.0.28 and prior | ||
| Omron CX-Position Versions 2.52 and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-27261?
CVE-2020-27261 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Omron CX-One.
How can the CVE-2020-27261 vulnerability be exploited?
The CVE-2020-27261 vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file, to be exploited.
Which software installations are affected by CVE-2020-27261?
The CVE-2020-27261 vulnerability affects installations of Omron CX-One, Omron CX-Position, Omron Cx-protocol, and Omron Cx-server.
What is the severity of CVE-2020-27261?
CVE-2020-27261 has a severity rating of 8.8 (High).
Are there any recommended mitigations or fixes for CVE-2020-27261?
It is recommended to apply the necessary updates and security patches provided by Omron to mitigate the vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-185
- alias/ZDI-CAN-11810
- alias/CVE-2020-27261
- agent/software-canonical-lookup
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- alias/ZDI-21-183
- alias/ZDI-CAN-11808
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ics-cert-advisory
- source/ICS
- vendor/omron
- canonical/omron cx-one
- version/omron cx-one/4.60
- canonical/omron cx-position
- version/omron cx-position/2.52
- canonical/omron cx-protocol
- version/omron cx-protocol/2.02
- canonical/omron cx-server
- version/omron cx-server/5.0.28
- canonical/omron cx-one versions 4.60 and prior, including the following applications: cx-protocol versions 2.02 and prior cx-server versions 5.0.28 and prior cx-position versions 2.52 and prior
- canonical/omron cx-protocol versions 2.02 and prior
- canonical/omron cx-server versions 5.0.28 and prior
- canonical/omron cx-position versions 2.52 and prior