Cybersecurity specialists report the detection of at least 4 vulnerabilities in CX-Position, a position control software developed by the technology firm Omron. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple hacking scenarios.

Below are brief descriptions of the reported flaws, as well as their respective tracking keys and scores assigned under the Common Vulnerability Scoring System (CVSS). These vulnerabilities were disclosed through the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

CVE-2022-26419: Multiple stack-based buffer overflow conditions when parsing a specific project file in CX-Position would allow local threat actors to execute arbitrary code on the affected system.

This vulnerability received a CVSS score of 7.8/10.

CVE-2022-25959: A memory corruption condition when processing files from specific projects would allow threat actors to execute arbitrary code on compromised systems.

The flaw received a CVSS score of 7.8/10 and is considered a medium severity error.

CVE-2022-26417: A use-after-free condition when processing a specific project file would allow malicious hackers to execute arbitrary code on the affected systems.

The flaw received a CVSS score of 7.8/10.

CVE-2022-26022: An out of bounds writing in CX-Position when processing specific project files would allow threat actors to execute arbitrary code on affected systems.

This is a flaw of medium severity and received a CVSS score of 7.8/10.

According to the report, the flaws reside in all versions of Omron CX-Position prior to v2.5.3.

In response to these reports, Omron released version 2.5.4 of the affected software, which is only available to paid users who use the auto-update feature. It is recommended to install the latest version of CX-Position as soon as possible to fully mitigate the risk of exploitation.

In addition to upgrading to the corrected version, CISA recommends that potentially affected organizations perform an impact analysis and thorough security risk assessment.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post 4 critical vulnerabilities in Omron CX-Position enable malicious code execution appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

Important memory leak vulnerabilities in F5 firewalls: Patch immediately

Information security specialists reported the detection of two security flaws affecting several…

Critical remote code execution & buffer overflow vulnerabilities in Adobe Photoshop. Patch now

Cybersecurity specialists report the detection of two severe vulnerabilities in Adobe Photoshop,…

Researchers discover technique that allows bypassing Let’s Encrypt domain validation and allows fake SSL certificates

Researcher Haya Shulman of the Fraunhofer Institute for Secure Information Technology in…

Critical remote code execution vulnerability in Atlassian Bitbucket Data Center: Update immediately

This week Atlassian issued a security report announcing the fix of CVE-2022-26133,…