CVE-2022-25959

Omron CX-Position versions 2.5.3 and prior is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code...

CVE-2022-26419

Omron CX-Position versions 2.5.3 and prior is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code...

CVE-2022-26417

Omron CX-Position versions 2.5.3 and prior is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code...

CVE-2022-26022

Omron CX-Position versions 2.5.3 and prior is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code...

Stack overflow

Omron CX-Position versions 2.5.3 and prior is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code...

PT-2022-5876 · Omron · Omron Cx-Position

Name of the Vulnerable Software and Affected Versions: Omron CX-Position versions 2.5.3 and prior Description: The issue is related to an out-of-bounds write in memory, which can be exploited to execute arbitrary code. This occurs while processing a specific project file. Recommendations: For Omr...

Omron CX-Position 缓冲区错误漏洞

Omron CX-Position is a position control software from Omron Corporation of Japan. Simplifies all aspects of position control, from creating/editing data used in a position control unit NC unit to online communication and monitoring operations.Omron CX-Position suffers from a buffer overflow...

Omron CX-Position 缓冲区错误漏洞

Omron CX-Position is a position control software from Omron Corporation of Japan. An out-of-bounds write vulnerability exists in Omron CX-Position, which stems from a failure to properly validate data when a program performs an operation in memory while processing a specific project file, and cou...

CVE-2021-22797

CVE-2021-22797 is a CWE-22 path traversal vulnerability in Schneider Electric EcoStruxure Control Expert (incl. Unity Pro), EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70. The root cause is improper validation of a user-supplied path when loading a malicious project file, which c...

CVE-2021-44477

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...

CVE-2021-44768

Delta Electronics CNCSoft Version 1.01.30 and prior is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information...

CVE-2021-44462

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...

CVE-2021-44462

CVE-2021-44462 affects Horner Automation Cscape EnvisionRV (v4.50.3.1 and prior). The vulnerability stems from improper input validation (CWE-20), allowing reads/writes past the end of allocated data structures when parsing maliciously crafted project files. Exploitation requires user interaction...

CVE-2021-44462 Horner Automation Cscape EnvisionRV Improper Input Validation

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...

CVE-2022-0551

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

CVE-2020-16232

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file...

CVE-2020-16232

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file...

Buffer overflow

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file...

CVE-2020-16232 Yokogawa WideField3 Buffer Copy Without Checking Size of Input

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file...

MISP 安全漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics with features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.156, which stems from a local...