Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38748 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | |||||
| CVE-2023-38747 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | |||||
| CVE-2023-38746 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | |||||
| CVE-2023-22314 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. | |||||
| CVE-2023-22317 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. | |||||
| CVE-2023-22277 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. | |||||
| CVE-2022-43667 | 1 Omron | 1 Cx-programmer | 2022-12-09 | N/A | 7.8 HIGH |
| Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-43508 | 1 Omron | 1 Cx-programmer | 2022-12-09 | N/A | 7.8 HIGH |
| Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-43509 | 1 Omron | 1 Cx-programmer | 2022-12-09 | N/A | 7.8 HIGH |
| Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-3397 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
| OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-3398 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
| OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-3396 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
| OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-2979 | 1 Omron | 1 Cx-programmer | 2022-09-15 | N/A | 7.8 HIGH |
| Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | |||||
| CVE-2022-31204 | 1 Omron | 15 Cp1w-cif41, Cp1w-cif41 Firmware, Cx-programmer and 12 more | 2022-08-04 | N/A | 7.5 HIGH |
| Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. | |||||
| CVE-2022-21124 | 1 Omron | 1 Cx-programmer | 2022-06-16 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. | |||||
| CVE-2022-25325 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. | |||||
| CVE-2022-25230 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. | |||||
| CVE-2022-25234 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. | |||||
| CVE-2022-21219 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2018-7514 | 1 Omron | 7 Cx-flnet, Cx-one, Cx-programmer and 4 more | 2020-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow. | |||||