← back
CVE-2019-6556

CVE-2019-6556

EPSS 1.2%CWE-416
When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
Affected products
Omron · CX-Programmer within CX-One

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01https://www.zerodayinitiative.com/advisories/ZDI-19-344/