Headline
CVE-2023-27385: Heap-based buffer overflow vulnerability in OMRON CX-Drive
Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.
Published:2023/04/24 Last Updated:2023/04/24
Overview
OMRON CX-Drive contains a heap-based buffer overflow vulnerability.
Products Affected
- CX-Drive All models V3.01 and earlier
To check the product names and versions, refer to the manual "CX-Drive Operation User’s Manual (W453-E1)" provided by the developer.
Description
CX-Drive provided by OMRON Corporation contains a heap-based buffer overflow vulnerability (CWE-122, CVE-2023-27385).
Impact
By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.
Solution
Apply Workarounds
Applying the workarounds may mitigate the impacts of this vulnerability.
For the details of the workarounds, refer to the information provided by the developer under [Vendor Status] section.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector(AV)
Physical §
Local (L)
Adjacent (A)
Network (N)
Attack Complexity(AC)
High (H)
Low (L)
Privileges Required(PR)
High (H)
Low (L)
None (N)
User Interaction(UI)
Required ®
None (N)
Scope(S)
Unchanged (U)
Changed ©
Confidentiality Impact©
None (N)
Low (L)
High (H)
Integrity Impact(I)
None (N)
Low (L)
High (H)
Availability Impact(A)
None (N)
Low (L)
High (H)
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
CVE-2023-27385
JVN iPedia