CVE-2024-31413

low-risk
Published 2024-05-01

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10 Medium
LOCAL / LOW complexity

References (4)

https://jvn.jp/en/vu/JVNVU98274902/
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf
https://jvn.jp/en/vu/JVNVU98274902/
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf
24
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal