![]() ![]() Natnael Samson and mdm, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA. CRITICAL INFRASTRUCTURE SECTORS: Communications, Critical Manufacturing, Information Technology.A CVSS v3 base score of 7.8 has been assigned the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.ĬVE-2020-12498 has been assigned to this vulnerability. Insufficient input data validation while processing project files could result in an out-of-bounds read. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.ĬVE-2020-12497 has been assigned to this vulnerability. The following components and versions of Automation Worx Software Suite are affected:ģ.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121ĭue to insufficient input data validation while processing project files the buffer could be overflown. Successful exploitation could allow an attacker to execute arbitrary code under the privileges of the application. Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read.Equipment: Automation Worx Software Suite. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |