CVE-2024-31413

Summary

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
OMRON CorporationCX-One CX-One CXONE-AL[][]D-V4The version which was installed with a DVD ver. 4.61.1 or loweraffected
OMRON CorporationCX-One CX-One CXONE-AL[][]D-V4and was updated through CX-One V4 auto update in January 2024 or prioraffected
OMRON CorporationSysmac Studio SYSMAC-SE2[][][]The version which was installed with a DVD ver. 1.56 or loweraffected
OMRON CorporationSysmac Studio SYSMAC-SE2[][][]and was updated through Sysmac Studio V1 auto update in January 2024 or prioraffected

Weaknesses

  • Free of pointer not at start of buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References