Intrusion Prevention

OMRON.CX-One.CX-Programmer.Program.Use.after.Free

Description

This indicates an attempt to exploit a use-after-free vulnerability in OMRON CX-One CX-Programmer.
A remote attacker may exploit this vulnerability by enticing the victim to open a crafted .cxp or .cxt project file in a vulnerable version of CX-Programmer. Successful exploitation could lead to arbitrary code execution in the security context of the user. Unsuccessful exploitation would cause the application to hang or terminate.

Affected Products

OMRON Common Components January 2019 and prior
OMRON CX-One CX-Programmer 9.70 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the ICSA advisory for updates.
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01

CVE References

CVE-2019-6556

Other References

ICSA-19-094-01