Cybersecurity specialists report the detection of at least 4 vulnerabilities in CX-Position, a position control software developed by the technology firm Omron. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple hacking scenarios.
Below are brief descriptions of the reported flaws, as well as their respective tracking keys and scores assigned under the Common Vulnerability Scoring System (CVSS). These vulnerabilities were disclosed through the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
CVE-2022-26419: Multiple stack-based buffer overflow conditions when parsing a specific project file in CX-Position would allow local threat actors to execute arbitrary code on the affected system.
This vulnerability received a CVSS score of 7.8/10.
CVE-2022-25959: A memory corruption condition when processing files from specific projects would allow threat actors to execute arbitrary code on compromised systems.
The flaw received a CVSS score of 7.8/10 and is considered a medium severity error.
CVE-2022-26417: A use-after-free condition when processing a specific project file would allow malicious hackers to execute arbitrary code on the affected systems.
The flaw received a CVSS score of 7.8/10.
CVE-2022-26022: An out of bounds writing in CX-Position when processing specific project files would allow threat actors to execute arbitrary code on affected systems.
This is a flaw of medium severity and received a CVSS score of 7.8/10.
According to the report, the flaws reside in all versions of Omron CX-Position prior to v2.5.3.
In response to these reports, Omron released version 2.5.4 of the affected software, which is only available to paid users who use the auto-update feature. It is recommended to install the latest version of CX-Position as soon as possible to fully mitigate the risk of exploitation.
In addition to upgrading to the corrected version, CISA recommends that potentially affected organizations perform an impact analysis and thorough security risk assessment.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.