CVE-2023-22317

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314...

CVE-2023-22317

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314...

CVE-2023-22317

CVE-2023-22317 concerns CX-Programmer versions 9.79 and earlier. The vulnerability is a use-after-free in the handling of a specially crafted CXP file, which can lead to information disclosure or arbitrary code execution. The available connected documents corroborate a use-after-free root cause a...

CVE-2023-38748

Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38747

Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38747

Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

Design/Logic Flaw

Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

Heap overflow

Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38746

Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38746

Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

Design/Logic Flaw

Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38748

Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38748

Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38747

CVE-2023-38747 affects Omron CX-Programmer (included in CX-One CXONE-AL[][]D-V4) version 9.80 and earlier. The flaw is a heap-based buffer overflow triggered by opening a specially crafted CXP file, leading to information disclosure and/or arbitrary code execution. Mitigation is to upgrade to CX-...

CVE-2023-38747

Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38747

Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38746

Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

CVE-2023-38746

CVE-2023-38746 affects CX-Programmer (CX-One CXONE-AL[][]D-V4, v9.80 and earlier). The vulnerability is an out-of-bounds read in the handling of CXP files, leading to information disclosure and potentially arbitrary code execution. The issue is addressed by updating to CX-Programmer/CX-One versio...

CVE-2023-38746

Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-ALD-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur...

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-38746 Heap-based buffer overflow CWE-122 - CVE-2023-38747 Use after free CWE-416 - CVE-2023-38748 Michael Heinzl reported these vulnerabilities to JPCERT/CC...