7.8 CVE-2023-22366

 

CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
https://nvd.nist.gov/vuln/detail/CVE-2023-22366

Categories

CWE-824 : Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized. chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824). Pointer in structure is not initialized, leading to NULL pointer dereference (CWE-476) and system crash. Free of an uninitialized pointer. Improper handling of invalid signatures leads to free of invalid pointer. Invalid encoding triggers free of uninitialized pointer. Crafted PNG image leads to free of uninitialized pointer. Crafted GIF image leads to free of uninitialized pointer. Access of uninitialized pointer might lead to code execution. Step-based manipulation: invocation of debugging function before the primary initialization function leads to access of an uninitialized pointer and code execution. Unchecked return values can lead to a write to an uninitialized pointer. zero-length input leads to free of uninitialized pointer. Crafted font leads to uninitialized function pointer. Uninitialized function pointer in freed memory is invoked LDAP server mishandles malformed BER queries, leading to free of uninitialized memory Firewall can crash with certain ICMP packets that trigger access of an uninitialized pointer. LDAP server does not initialize members of structs, which leads to free of uninitialized pointer if an LDAP request fails.

References


 

CPE

cpe start end
Configuration 1
   cpe:2.3:o:omron:cx-motion-mch_firmware:*:*:*:*:*:*:*:* < 2.33
  Running on/with
  cpe:2.3:h:omron:cx-motion-mch:-:*:*:*:*:*:*:*

Exploits

Exploit-db.com
id description date
No known exploits
Other (github, ...)
Url
No known exploits

CAPEC

id description severity
No entry

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution