CVE-2024-31413 - Vulnerability Details - OpenCVE

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00086.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Omrom	Cx-designer

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-29303	Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU98274902/
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf

History

Fri, 14 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-761

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-05-01T12:54:15.483Z

Updated: 2025-03-14T14:51:31.055Z

Reserved: 2024-04-03T10:57:10.684Z

Link: CVE-2024-31413

Vulnrichment

Updated: 2024-08-02T01:52:56.897Z

NVD

Status : Awaiting Analysis

Published: 2024-05-01T13:15:52.080

Modified: 2025-03-14T15:15:40.200

Link: CVE-2024-31413

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31413", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-04-03T10:57:10.684Z", "datePublished": "2024-05-01T12:54:15.483Z", "dateUpdated": "2025-03-14T14:51:31.055Z"}, "containers": {"cna": {"affected": [{"vendor": "OMRON Corporation", "product": "CX-One CX-One CXONE-AL[][]D-V4 ", "versions": [{"version": "The version which was installed with a DVD ver. 4.61.1 or lower", "status": "affected"}, {"version": " and was updated through CX-One V4 auto update in January 2024 or prior", "status": "affected"}]}, {"vendor": "OMRON Corporation", "product": "Sysmac Studio SYSMAC-SE2[][][] ", "versions": [{"version": "The version which was installed with a DVD ver. 1.56 or lower", "status": "affected"}, {"version": " and was updated through Sysmac Studio V1 auto update in January 2024 or prior", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Free of pointer not at start of buffer", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf"}, {"url": "https://jvn.jp/en/vu/JVNVU98274902/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-05-01T12:54:15.483Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-761", "lang": "en", "description": "CWE-761 Free of Pointer not at Start of Buffer"}]}], "affected": [{"vendor": "omrom", "product": "cx-designer", "cpes": ["cpe:2.3:a:omrom:cx-designer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "*", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-01T14:49:56.532150Z", "id": "CVE-2024-31413", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T14:51:31.055Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:56.897Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU98274902/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU98274902/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:56.897Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31413", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T14:49:56.532150Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:omrom:cx-designer:*:*:*:*:*:*:*:*"], "vendor": "omrom", "product": "cx-designer", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-761", "description": "CWE-761 Free of Pointer not at Start of Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T14:59:52.823Z"}}], "cna": {"affected": [{"vendor": "OMRON Corporation", "product": "CX-One CX-One CXONE-AL[][]D-V4 ", "versions": [{"status": "affected", "version": "The version which was installed with a DVD ver. 4.61.1 or lower"}, {"status": "affected", "version": " and was updated through CX-One V4 auto update in January 2024 or prior"}]}, {"vendor": "OMRON Corporation", "product": "Sysmac Studio SYSMAC-SE2[][][] ", "versions": [{"status": "affected", "version": "The version which was installed with a DVD ver. 1.56 or lower"}, {"status": "affected", "version": " and was updated through Sysmac Studio V1 auto update in January 2024 or prior"}]}], "references": [{"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf"}, {"url": "https://jvn.jp/en/vu/JVNVU98274902/"}], "descriptions": [{"lang": "en", "value": "Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Free of pointer not at start of buffer"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-05-01T12:54:15.483Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31413", "state": "PUBLISHED", "dateUpdated": "2025-03-14T14:51:31.055Z", "dateReserved": "2024-04-03T10:57:10.684Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-05-01T12:54:15.483Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution."}, {"lang": "es", "value": "Existe una vulnerabilidad libre de puntero que no est\u00e1 al inicio del b\u00fafer en CX-One CX-One CXONE-AL[][]D-V4 (la versi\u00f3n que se instal\u00f3 con un DVD versi\u00f3n 4.61.1 o inferior y se actualiz\u00f3 a trav\u00e9s de CX- Una actualizaci\u00f3n autom\u00e1tica de V4 en enero de 2024 o antes) y Sysmac Studio SYSMAC-SE2[][][] (la versi\u00f3n que se instal\u00f3 con un DVD versi\u00f3n 1.56 o anterior y se actualiz\u00f3 mediante la actualizaci\u00f3n autom\u00e1tica de Sysmac Studio V1 en enero de 2024 o antes). previo). Abrir un archivo de proyecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2024-31413", "lastModified": "2025-03-14T15:15:40.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-01T13:15:52.080", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU98274902/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/en/vu/JVNVU98274902/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-002_en.pdf"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-761"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}