CVE-2022-21219

CVE-2022-21219 affects Omron CX-Programmer v9.76.1 and earlier (CX-One v4.60) where opening a specially crafted CXP file triggers an out-of-bounds read, causing information disclosure and potential arbitrary code execution. Affected products/versions are stated across multiple sources (NVD/Red Ha...

CVE-2022-21219

Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One v4.60 suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file...

CVE-2022-21124

Summary (CVE-2022-21124): An out-of-bounds write in CX-Programmer v9.76.1 and earlier (part of CX-One v4.60) may lead to information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. Affected component is CX-Programmer; root cause is an out-of-bounds write...

CVE-2022-21124

Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One v4.60 suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-2523...

Omron CX-Programmer 资源管理错误漏洞

Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron, Japan. A security vulnerability exists in CX-Programmer v9.76.1 and earlier versions, which can be exploited by an attacker to trick a user into opening a carefully crafted CXP file to cause information...

Omron CX-Programmer资源管理错误漏洞

Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron, Japan. A security vulnerability exists in CX-Programmer v9.76.1 and earlier versions, which can be exploited by an attacker to cause a user to open a carefully crafted CXP file to cause information...

Omron CX-Programmer缓冲区错误漏洞

Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron, Japan. A security vulnerability exists in CX-Programmer v9.76.1 and earlier versions, which can be exploited by an attacker to cause a user to open a carefully crafted CXP file, leading to information...

Omron CX-Programmer缓冲区错误漏洞

Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron, Japan. A security vulnerability exists in CX-Programmer v9.76.1 and earlier versions, which can be exploited by an attacker to trick a user into opening a carefully crafted CXP file to cause information...

OMRON CX-One CX-Programmer Program Use after Free (CVE-2019-6556)

A use-after-free vulnerability exists in OMRON CX-One CX-Programmer module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Omron Cx-programmer Exposure of Sensitive Information to an Unauthorized Actor

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. File data ot500185.nasl...

Omron Cx-programmer Exposure of Sensitive Information to an Unauthorized Actor

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. File data ot500217.nasl...

OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-6556

When processing project files, the application Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the...

Code injection

When processing project files, the application Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the...

CVE-2019-6556

When processing project files, the application Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the...

CVE-2019-6556

CVE-2019-6556 affects Omron CX-Programmer v9.70 and older (within CX-One) and Common Components January 2019 and older. The flaw is a use-after-free during processing of CX project files, allowing an attacker who can entice a user to open a crafted project to execute code with the application’s p...

Omron CX-Programmer

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Programmer within CX-One Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the...

The vulnerability of the Omron CX-Programmer development environment arises from buffer overflows in the stack, allowing attackers to execute arbitrary code.

The vulnerability of the Omron CX-Programmer, designed for programming and configuring Omron PLCs, as well as for configuring compatibility between Omron CX-Servers within the Omron CX-One software suite, arises due to buffer overflow in the stack. Exploiting this vulnerability allows an attacker...

The vulnerability of the Omron CX-Programmer development environment lies in the use of memory after it is freed, allowing a malicious actor to execute arbitrary code.

The vulnerability of the Omron CX-Programmer, designed for programming and configuring Omron PLCs, as well as for enabling compatibility between Omron CX-Servers within the Omron CX-One software suite, lies in the use of memory after it is freed. Exploiting this vulnerability could allow an...

OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of...