CVE-2018-8834 Information

Description

Parsing malformed project files in Omron CX-One versions 4.42 and prior including the following applications: CX-FLnet versions 1.00 and prior CX-Protocol versions 1.992 and prior CX-Programmer versions 9.65 and prior CX-Server versions 5.0.22 and prior Network Configurator versions 3.63 and prior and Switch Box Utility versions 1.68 and prior may cause a heap-based buffer overflow.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8