Cx Supervisor
by Emerson
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-27482 | | Critical | 0.71 | 10.0 | 0.72 | | Mar 8, 2023 | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1… |
| CVE-2019-18251 | | High | 0.57 | 8.8 | 0.02 | | Nov 26, 2019 | In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with TeamViewer Version 5.0.8703 QS. This version of TeamViewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. |
| CVE-2018-19017 | | High | 0.57 | 8.8 | 0.02 | | Jan 22, 2019 | Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute… |
| CVE-2018-19011 | | High | 0.57 | 8.8 | 0.02 | | Jan 22, 2019 | CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. |
| CVE-2018-17913 | | High | 0.51 | 7.8 | 0.02 | | Nov 5, 2018 | A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. |
| CVE-2018-17909 | | High | 0.51 | 7.8 | 0.02 | | Nov 5, 2018 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. |
| CVE-2018-17905 | | High | 0.51 | 7.8 | 0.01 | | Nov 5, 2018 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. |
| CVE-2018-19018 | | High | 0.48 | 7.3 | 0.01 | | Feb 12, 2019 | An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. |
| CVE-2018-19015 | | High | 0.48 | 7.3 | 0.01 | | Jan 28, 2019 | An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. |
| CVE-2018-19019 | | High | 0.48 | 7.3 | 0.01 | | Jan 22, 2019 | A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. |
| CVE-2021-20836 | | Medium | 0.42 | 6.5 | 0.01 | | Oct 19, 2021 | Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project file. |
| CVE-2018-7525 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. |
| CVE-2018-7523 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. |
| CVE-2018-7521 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. |
| CVE-2018-7519 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. |
| CVE-2018-7517 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. |
| CVE-2018-7513 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 21, 2018 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. |
| CVE-2018-19020 | | Medium | 0.33 | 5.0 | 0.01 | | Feb 12, 2019 | When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. |
| CVE-2018-19013 | | Medium | 0.33 | 5.0 | 0.01 | | Jan 22, 2019 | An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. |
| CVE-2025-11887 | | Medium | 0.28 | 4.3 | 0.00 | | Oct 24, 2025 | The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and… |