CVE-2022-46282: Use-after-free vulnerability in Omron CX-Drive

Published:2022/12/19 Last Updated:2022/12/19

Overview

OMRON CX-Drive contains a use-after-free vulnerability.

Products Affected

• CX-Drive V3.00 and earlier

To check the product names and versions, refer to the manual "CX-Drive Operation User’s Manual (SBCE-375)" provided by the developer.

Description

CX-Drive provided by Omron Corporation contains a use-after-free vulnerability (CWE-416).

Impact

By having a user to open a specially crafted file, arbitrary code may be executed.

Solution

Apply Workarounds
Applying the following workarounds may mitigate the impact of this vulnerability.
For more information, refer to the information provided by the developer under [Vendor Status] section’s [Status (Vulnerable)] page.

Vendor Status

Vendor

Status

Last Update

Vendor Notes

OMRON Corporation

Vulnerable

2022/12/19

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector(AV)

Physical §

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required ®

None (N)

Scope(S)

Unchanged (U)

Changed ©

Confidentiality Impact©

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

Credit

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert

JPCERT Reports

CERT Advisory

CPNI Advisory

TRnotes

CVE

CVE-2022-46282

JVN iPedia