28 matches found
CVE-2022-21124
Summary (CVE-2022-21124): An out-of-bounds write in CX-Programmer v9.76.1 and earlier (part of CX-One v4.60) may lead to information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. Affected component is CX-Programmer; root cause is an out-of-bounds write...
CVE-2022-25230
CX-Programmer in the CX-One v4.60 suite is affected by a Use-After-Free vulnerability (CVE-2022-25230) in versions up to 9.76.1, which can trigger information disclosure or arbitrary code execution when a user opens a crafted CXP file. The issue’s root cause is a use-after-free condition in CX-Pr...
CVE-2022-25234
CVE-2022-25234 affects CX-Programmer (Omron) v9.76.1 and earlier within the CX-One v4.60 suite. It is an out-of-bounds write vulnerability that may allow information disclosure and arbitrary code execution when a user opens a specially crafted CXP file. JPCERT/CC and JVNDB summarize a fix: update...
CVE-2022-25325
CX-Programmer (part of CX-One v4.60) contains a Use-After-Free (CWE-416) in CX-Programmer v9.76.1 and earlier, triggered by opening a specially crafted CXP file, leading to information disclosure and/or arbitrary code execution. The vulnerability is corroborated by multiple sources (e.g., JVNDB-2...
CVE-2022-21219
CVE-2022-21219 affects Omron CX-Programmer v9.76.1 and earlier (CX-One v4.60) where opening a specially crafted CXP file triggers an out-of-bounds read, causing information disclosure and potential arbitrary code execution. Affected products/versions are stated across multiple sources (NVD/Red Ha...
CVE-2022-31204
CVE-2022-31204 affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs prior to the listed mitigations. The root cause is cleartext transmission of the engineering password used for UM Protection (Program Area Protect/Program Area Protect Clear), enabling unauthorized access to restricted engi...
CVE-2022-43509
CX-Programmer up to v9.77 contains an out-of-bounds write (CWE-787) vulnerability that can lead to information disclosure or arbitrary code execution when a user opens a specially crafted CXP file. CVE-2022-43509 is assigned; CVSS v3 base score 7.8 (L: Local, L: Low, N: None, UI: Required, C/I/A:...
CVE-2018-7514
CVE-2018-7514 affects Omron CX-One 4.42 and earlier, including CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, and Switch Box Utility. Multiple sources describe a stack-based (and in some cases heap-based) buffer overflow caused by processing malformed project files or cert...
CVE-2015-0987
CVE-2015-0987 affects Omron CX-One CX-Programmer (pre-9.6) and CJ2M/CJ2H PLCs (pre-2.1/1.5). The underlying issue is cleartext transmission of passwords to unlock PLCs, enabling an attacker who can sniff network traffic to obtain sensitive information. The NVD/NIST entry, ICS-CERT advisory, and N...
CVE-2018-18993
CVE-2018-18993 relates to two stack-based buffer overflow vulnerabilities in Omron CX-One (CX-Position module) affecting CX-One v4.42 and earlier, including CX-Programmer v9.66 and earlier and CX-Server v5.0.23 and earlier. The flaws occur when processing project files, allowing input data to exc...
CVE-2023-22277
CVE-2023-22277 describes a use-after-free in CX-Programmer (version 9.79 and earlier) triggered by opening a specially crafted CXP file, potentially enabling information disclosure and/or arbitrary code execution. Connected documents (e.g., Red Hat CVEs) reiterate the same issue. The provided con...
CVE-2022-3397
Omron CX-Programmer is affected: versions 9.78 and earlier contain an Out-of-Bounds Write in the CXP file parser that can allow arbitrary code execution. Exploitation is described as requiring user interaction (e.g., visiting a malicious page or opening a malicious file) with remote-code-execution po...
CVE-2022-3398
The CVE-2022-3398 issue affects Omron CX-Programmer, specifically version 9.78 and earlier. The root cause is an Out-of-Bounds Write in the CX-P.exe/file parsing that can allow arbitrary code execution. In practice, the vulnerability pertains to CX-Programmer software (not a network service) and ...
CVE-2022-43508
CVE-2022-43508 affects Omron CX-Programmer (versions 9.77 and earlier). The connected sources describe a use-after-free vulnerability in CX-Programmer that can lead to information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. Public details consistentl...
CVE-2022-43667
CX-Programmer vulnerability CVE-2022-43667 is a stack-based buffer overflow in Omron CX-Programmer (versions 9.77 and earlier). The issue can lead to information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. Documented impact is confined to local attac...
CVE-2015-1015
CVE-2015-1015 affects Omron CX-One CX-Programmer (prior to v9.6) and CJ2M (prior to v2.1) / CJ2H PLC devices (prior to v1.5). The issue is storing passwords in a recoverable/reversible format in object files on Compact Flash, enabling local users to read sensitive information from files. Impact i...
CVE-2018-7530
The CVE-2018-7530 issue is a Type Confusion in Omron CX-One and its integrated apps (e.g., CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility) triggered by parsing malformed project files. This can cause the pointer to call an incorrect object, leading to an...
CVE-2023-22314
Technical details for CVE-2023-22314 are not publicly available in the provided documents; monitoring for updates is advised.
CVE-2015-0988
CVE-2015-0988 affects Omron CX-One CX-Programmer (before 9.6). Root cause: passwords stored in a recoverable format in project/source files (and on CF cards), allowing local users to obtain sensitive information by reading files. Mitigation: upgrade to CX-Programmer 9.6 and CJ2M PLC 2.1 / CJ2H PL...
CVE-2019-6556
CVE-2019-6556 affects Omron CX-Programmer v9.70 and older (within CX-One) and Common Components January 2019 and older. The flaw is a use-after-free during processing of CX project files, allowing an attacker who can entice a user to open a crafted project to execute code with the application’s p...
CVE-2023-22317
CVE-2023-22317 concerns CX-Programmer versions 9.79 and earlier. The vulnerability is a use-after-free in the handling of a specially crafted CXP file, which can lead to information disclosure or arbitrary code execution. The available connected documents corroborate a use-after-free root cause a...
CVE-2018-8834
CVE-2018-8834 affects Omron CX-One and integrated tools (CX-FLnet, CX-Protocol, CX-Programmer, CX-Server, Network Configurator, Switch Box Utility). The issue is a heap-based buffer overflow caused by improper input handling while parsing project/configuration data (e.g., FLN/NVF/Version/Node Nam...
CVE-2022-3396
Omron CX-Programmer is affected by CVE-2022-3396 (and related CVEs in the same family) in versions 9.78 and earlier. The vulnerability is an Out-of-Bounds Write in the CX-Programmer parsing/handling of input that may allow arbitrary code execution. The affected product is Omron CX-Programmer...
CVE-2023-38748
CVE-2023-38748 affects Omron CX-Programmer (CX-One CXONE-AL[][]D-V4) versions 9.80 and earlier. The root cause is a Use-after-Free vulnerability in handling CXP files, leading to information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. The JVN/DH and ...
CVE-2018-18989
The CVE-2018-18989 issue in Omron CX-One involves a use-after-free in CX-One’s CX-Programmer (v9.66 and earlier) and CX-Server (v5.0.23 and earlier) when processing project files. The vulnerability arises from not verifying references to freed memory, enabling an attacker to craft a project file ...
CVE-2022-2979
CVE-2022-2979 is a use-after-free vulnerability in Omron CX-One/CX-Programmer before v9.78. Opening a specially crafted file can cause a memory reference not to be released, potentially enabling arbitrary code execution. The issue is documented by multiple sources (CISA ICS advisory...
CVE-2023-38746
CVE-2023-38746 affects CX-Programmer (CX-One CXONE-AL[][]D-V4, v9.80 and earlier). The vulnerability is an out-of-bounds read in the handling of CXP files, leading to information disclosure and potentially arbitrary code execution. The issue is addressed by updating to CX-Programmer/CX-One versio...
CVE-2023-38747
CVE-2023-38747 affects Omron CX-Programmer (included in CX-One CXONE-AL[][]D-V4) version 9.80 and earlier. The flaw is a heap-based buffer overflow triggered by opening a specially crafted CXP file, leading to information disclosure and/or arbitrary code execution. Mitigation is to upgrade to CX-...