CVE-2023-38748

2023-08-0305:09:16

jpcert

www.cve.org

cx-programmer

cx-one

use after free

information disclosure

arbitrary code execution

cve-2023-38748

0.001 Low

EPSS

Percentile

32.4%

JSON

Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.

CNA Affected

[
  {
    "vendor": "OMRON Corporation",
    "product": "CX-Programmer",
    "versions": [
      {
        "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU93286117/

www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf

0.001 Low

EPSS

Percentile

32.4%

JSON

Related for CVELIST:CVE-2023-38748