Vulnerability Description
When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit this flaw and execute code under the privileges of the application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omron | Common Components | <= 2019-01 |
| Omron | CX-Programmer | <= 9.70 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01 (Mitigation, Third Party Advisory, US Government Resource)
- https://www.zerodayinitiative.com/advisories/ZDI-19-344/
FAQ
What is CVE-2019-6556?
CVE-2019-6556 is a vulnerability with a CVSS score of 6.6 (MEDIUM). When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could us...
How severe is CVE-2019-6556?
CVE-2019-6556 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-6556?
Check the references section above for vendor advisories and patch information. Affected products include: Omron Common Components, Omron CX-Programmer.