Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.

When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.

An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.

An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.

Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.

A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object.