Sign-up

ID

VAR-202102-0318


CVE

CVE-2020-27261


TITLE

Omron CX-One NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-21-185 // ZDI: ZDI-21-183

DESCRIPTION

The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. Provided by OMRON Corporation CX-One There are multiple vulnerabilities in. ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27259 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27261 ‥ * Wrong type (CWE-843) - CVE-2020-27257The expected impact depends on each vulnerability, but it may be affected as follows. ‥ * Any memory pointer is referenced by a third party and arbitrary code is executed remotely. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of NCI files by the CX-Position application. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. ARC, etc. are all products. ARC is a software package for creating and maintaining file archives. CX-Protocol is one of the components used to create a serial communication protocol to communicate with standard serial devices. Omron CX-One etc. are the products of Japan Omron (Omron) company. Omron CX-One is an integrated toolkit. The following products and versions are affected: CX-Protocol Versions 2.02 and prior, CX-Server Versions 5.0.28 and prior, CX-Position Versions 2.52 and prior

Trust: 2.97

sources: NVD: CVE-2020-27261 // JVNDB: JVNDB-2021-001004 // ZDI: ZDI-21-185 // ZDI: ZDI-21-183 // VULHUB: VHN-370745

AFFECTED PRODUCTS

vendor:omronmodel:cx-onescope: - version: -

Trust: 1.4

vendor:omronmodel:cx-onescope:lteversion:4.60

Trust: 1.0

vendor:omronmodel:cx-positionscope:lteversion:2.52

Trust: 1.0

vendor:omronmodel:cx-serverscope:lteversion:5.0.28

Trust: 1.0

vendor:omronmodel:cx-protocolscope:lteversion:2.02

Trust: 1.0

vendor:omronmodel:cx-positionscope:eqversion:バージョン 2.52

Trust: 0.8

vendor:omronmodel:cx-protocolscope:eqversion:バージョン 2.02

Trust: 0.8

vendor:omronmodel:cx-serverscope:eqversion:バージョン 5.0.28

Trust: 0.8

sources: ZDI: ZDI-21-185 // ZDI: ZDI-21-183 // JVNDB: JVNDB-2021-001004 // NVD: CVE-2020-27261

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2021-001004
value: MEDIUM

Trust: 1.6

ZDI: CVE-2020-27261
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2020-27261
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001004
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-408
value: HIGH

Trust: 0.6

VULHUB: VHN-370745
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27261
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-370745
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

IPA score: JVNDB-2021-001004
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

ZDI: CVE-2020-27261
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2020-27261
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2021-001004
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-21-185 // ZDI: ZDI-21-183 // VULHUB: VHN-370745 // JVNDB: JVNDB-2021-001004 // JVNDB: JVNDB-2021-001004 // JVNDB: JVNDB-2021-001004 // CNNVD: CNNVD-202101-408 // NVD: CVE-2020-27261

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.8

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-843

Trust: 0.8

problemtype:CWE-822

Trust: 0.8

sources: VULHUB: VHN-370745 // JVNDB: JVNDB-2021-001004 // NVD: CVE-2020-27261

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-408

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-408

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2021-001004

PATCH
title:Omron has issued an update to correct this vulnerability.url:https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02
Trust: 1.4
title:CX-One バージョンアップ プログラム ダウンロードurl:https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html
Trust: 0.8
title:CX-Protocol の更新内容 | Ver.2.03 : CX-Oneオートアップデート(V4向け_2021年1月)url:https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_protocol
Trust: 0.8
title:共通モジュール の更新内容 | − :CX-Oneオートアップデート(V4向け_2021年1月)url:https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module
Trust: 0.8
title:CX-Position の更新内容 | Ver.2.53 : CX-Oneオートアップデート(V4向け_2021年1月)url:https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_position
Trust: 0.8
title:Omron Repair measures for buffer errors and vulnerabilities in many productsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138519
Trust: 0.6
sources:
            
            
            ZDI: ZDI-21-185 // 
            
            
            
            ZDI: ZDI-21-183 // 
            
            
            
            JVNDB: JVNDB-2021-001004 // 
            
            
            
            CNNVD: CNNVD-202101-408

EXTERNAL IDS
db:NVDid:CVE-2020-27261
Trust: 3.9
db:ICS CERTid:ICSA-21-007-02
Trust: 2.5
db:ZDIid:ZDI-21-185
Trust: 2.4
db:ZDIid:ZDI-21-183
Trust: 2.4
db:JVNid:JVNVU95231601
Trust: 0.8
db:JVNDBid:JVNDB-2021-001004
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-11810
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-11808
Trust: 0.7
db:AUSCERTid:ESB-2021.0077
Trust: 0.6
db:CNNVDid:CNNVD-202101-408
Trust: 0.6
db:VULHUBid:VHN-370745
Trust: 0.1
sources:
            
            
            ZDI: ZDI-21-185 // 
            
            
            
            ZDI: ZDI-21-183 // 
            
            
            
            VULHUB: VHN-370745 // 
            
            
            
            JVNDB: JVNDB-2021-001004 // 
            
            
            
            CNNVD: CNNVD-202101-408 // 
            
            
            
            NVD: CVE-2020-27261

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02
Trust: 4.5
url:https://www.zerodayinitiative.com/advisories/zdi-21-185/
Trust: 2.3
url:https://www.zerodayinitiative.com/advisories/zdi-21-183/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27257
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27259
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27261
Trust: 0.8
url:http://jvn.jp/cert/jvnvu95231601
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2021.0077/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-21-185 // 
            
            
            
            ZDI: ZDI-21-183 // 
            
            
            
            VULHUB: VHN-370745 // 
            
            
            
            JVNDB: JVNDB-2021-001004 // 
            
            
            
            CNNVD: CNNVD-202101-408 // 
            
            
            
            NVD: CVE-2020-27261

CREDITS
rgod
Trust: 1.4
sources:
            
            
            ZDI: ZDI-21-185 // 
            
            
            
            ZDI: ZDI-21-183

SOURCES
db:ZDIid:ZDI-21-185
db:ZDIid:ZDI-21-183
db:VULHUBid:VHN-370745
db:JVNDBid:JVNDB-2021-001004
db:CNNVDid:CNNVD-202101-408
db:NVDid:CVE-2020-27261

LAST UPDATE DATE
2024-11-23T22:47:42.419000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-21-185date:2021-02-10T00:00:00
db:ZDIid:ZDI-21-183date:2021-02-10T00:00:00
db:VULHUBid:VHN-370745date:2021-02-11T00:00:00
db:JVNDBid:JVNDB-2021-001004date:2021-01-14T06:41:19
db:CNNVDid:CNNVD-202101-408date:2021-02-18T00:00:00
db:NVDid:CVE-2020-27261date:2024-11-21T05:20:57.687

SOURCES RELEASE DATE
db:ZDIid:ZDI-21-185date:2021-02-10T00:00:00
db:ZDIid:ZDI-21-183date:2021-02-10T00:00:00
db:VULHUBid:VHN-370745date:2021-02-09T00:00:00
db:JVNDBid:JVNDB-2021-001004date:2021-01-14T06:41:19
db:CNNVDid:CNNVD-202101-408date:2021-01-07T00:00:00
db:NVDid:CVE-2020-27261date:2021-02-09T15:15:13.157