CVE-2019-6556

low-risk

Published 2019-04-10

When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.6/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Common Components

Cx-Programmer

Affected Vendors

Omron

References (4)

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01

https://www.zerodayinitiative.com/advisories/ZDI-19-344/

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01

https://www.zerodayinitiative.com/advisories/ZDI-19-344/

/ 100

low-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 7/34 · Low