March 31, 2022
Severity
High
Analysis Summary
CVE-2022-26419
The affected product is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.
CVE-2022-25959
The affected product is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
CVE-2022-26417
The affected product is vulnerable to a use-after-free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
CVE-2022-26022
The affected product is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.
A CVSS v3 base score of 7.8 has been assigned to all of the above-mentioned vulnerabilities.
Impact
- Code Execution
Affected Vendors
- Omron
Affected Products
- CX-Position Versions 2.5.3 and prior
Remediation
Refer to the vendor website for mitigations and patch updates.