CVE-2024-31413

01.05.2024, 13:15

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
jpcert	CNA	---				---
CISA-ADP	ADP	5.9 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Common Weakness Enumeration

CWE-761 - Free of Pointer not at Start of Buffer
The application calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.

References

https://jvn.jp/en/vu/JVNVU98274902/

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf

https://jvn.jp/en/vu/JVNVU98274902/

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf