Rewterz

Rewterz Threat Advisory – ICS: Omron CX-Position Vulnerability

Severity

High

Analysis Summary

CVE-2022-26419

The affected product is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.

CVE-2022-25959

The affected product is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.

CVE-2022-26417

The affected product is vulnerable to a use-after-free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.

CVE-2022-26022

The affected product is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.

A CVSS v3 base score of 7.8 has been assigned to all of the above-mentioned vulnerabilities.

Impact

  • Code Execution

Affected Vendors

  • Omron

Affected Products

  • CX-Position Versions 2.5.3 and prior

Remediation

Refer to the vendor website for mitigations and patch updates.
