Severity
Medium
Analysis Summary
CVE-2020-27259
The affected product may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-27261
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-27257
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition.
Impact
Execute arbitrary code
Affected Vendors
Omron
Affected Products
- CX-Protocol Versions 2.02 and prior
- CX-Server Versions 5.0.28 and prior
- CX-Position Versions 2.52 and prior
Remediation
Omron has released an updated version of CX-One to address the reported vulnerabilities. These releases are available through the CX-One auto-update service and are as follows:
- CX-Protocol Version 2.03
- CX-Server Version 5.0.29
- CX-Position Version 2.53