CVE-2021-20836
First published: Tue Oct 19 2021(Updated: )
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron CX-Supervisor | =4.0.0.13 | |
| Omron CX-Supervisor | =4.0.0.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this out-of-bounds read vulnerability?
The vulnerability ID is CVE-2021-20836.
Which software versions are affected by this vulnerability?
CX-Supervisor v4.0.0.13 and v4.0.0.16 are affected by this vulnerability.
What can an attacker with administrative privileges do with this vulnerability?
An attacker with administrative privileges can cause information disclosure and/or arbitrary code execution.
How can I fix this vulnerability?
Upgrade CX-Supervisor to a version that is not affected by this vulnerability.
What is the severity of CVE-2021-20836?
The severity of CVE-2021-20836 is medium with a CVSS score of 6.5.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/omron
- canonical/omron cx-supervisor
- version/omron cx-supervisor/4.0.0.13
- version/omron cx-supervisor/4.0.0.16