Published: 2022/12/19 Last Updated: 2022/12/19
JVNVU#92689335
Use-after-free vulnerability in Omron CX-Drive
Overview
OMRON CX-Drive contains a use-after-free vulnerability.
Products Affected
- CX-Drive V3.00 and earlier
Description
CX-Drive provided by Omron Corporation contains a use-after-free vulnerability (CWE-416).
Impact
If a user opens a specially crafted file, arbitrary code may be executed.
Solution
Apply Workarounds
Applying the following workarounds may mitigate the impact of this vulnerability.
For more information, refer to the information provided by the developer on the [Status (Vulnerable)] page under the [Vendor Status] section.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | | |
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | | |
Scope(S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) | |
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE | CVE-2022-46282 |