7 matches found
CVE-2022-21124
Summary (CVE-2022-21124): An out-of-bounds write in CX-Programmer v9.76.1 and earlier (part of CX-One v4.60) may lead to information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. Affected component is CX-Programmer; root cause is an out-of-bounds write...
CVE-2022-25230
CX-Programmer in the CX-One v4.60 suite is affected by a Use-After-Free vulnerability (CVE-2022-25230) in versions up to 9.76.1, which can trigger information disclosure or arbitrary code execution when a user opens a crafted CXP file. The issue’s root cause is a use-after-free condition in CX-Pr...
CVE-2022-25234
CVE-2022-25234 affects CX-Programmer (Omron) v9.76.1 and earlier within the CX-One v4.60 suite. It is an out-of-bounds write vulnerability that may allow information disclosure and arbitrary code execution when a user opens a specially crafted CXP file. JPCERT/CC and JVNDB summarize a fix: update...
CVE-2022-25325
CX-Programmer (part of CX-One v4.60) contains a Use-After-Free (CWE-416) in CX-Programmer v9.76.1 and earlier, triggered by opening a specially crafted CXP file, leading to information disclosure and/or arbitrary code execution. The vulnerability is corroborated by multiple sources (e.g., JVNDB-2...
CVE-2022-21219
CVE-2022-21219 affects Omron CX-Programmer v9.76.1 and earlier (CX-One v4.60) where opening a specially crafted CXP file triggers an out-of-bounds read, causing information disclosure and potential arbitrary code execution. Affected products/versions are stated across multiple sources (NVD/Red Ha...
CVE-2022-31204
CVE-2022-31204 affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs prior to the listed mitigations. The root cause is cleartext transmission of the engineering password used for UM Protection (Program Area Protect/Program Area Protect Clear), enabling unauthorized access to restricted engi...
CVE-2022-2979
CVE-2022-2979 – Omron CX-Programmer is a use-after-free vulnerability in CX-One/CX-Programmer before v9.78. Opening a specially crafted file can cause memory reference not to be released, potentially enabling arbitrary code execution. The issue is documented by multiple sources (CISA ICS advisory...