CVE-2020-27261
moderate-risk
Published 2021-02-09
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
Do I need to act?
~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Cx-One
Cx-Position
Cx-Protocol
Cx-Server
Affected Vendors
References (6)
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-183/
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-185/
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-183/
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-185/
44
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
4/34 · Minimal
Exposure
10/34 · Low