
    78 vulnerabilities found for cx-programmer by omron

    VAR-202209-0069

    Vulnerability from variot - Updated: 2024-06-13 23:36

    Opening a specially crafted file could cause the affected product to fail to release its memory reference, potentially resulting in arbitrary code execution. CX-Programmer, provided by Omron Corporation, contains a use-after-free vulnerability (CWE-416, CVE-2022-2979). This vulnerability information is provided by the developer for the purpose of disseminating it to product users. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software developed by Japan's Omron Corporation.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202209-0069",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.78"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "9.78  earlier"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.78",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "cve": "CVE-2022-2979",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002344",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-2979",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-2979",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002344",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202209-737",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. Provided by Omron Corporation CX-Programmer freed memory usage ( use-after-free ) vulnerability ( CWE-416 , CVE-2022-2979 ) Exists. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software developed by Japan\u0027s Omron Corporation. Omron CX-Programmer",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "VULHUB",
            "id": "VHN-428673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2979"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-2979",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-242-09",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU90019919",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-428673",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2979",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "id": "VAR-202209-0069",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428673"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-06-13T23:36:55.808000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CX-One\u00a0 Version upgrade \u00a0 Program: Support Tool: Omron Omron Corporation",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html"
          },
          {
            "title": "Omron CX-Programmer Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=207869"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.1
          },
          {
            "problemtype": "Use of freed memory (CWE-416) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90019919/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2979"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-2979/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-428673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-2979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-09-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-428673"
          },
          {
            "date": "2022-09-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "date": "2022-09-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          },
          {
            "date": "2022-09-12T21:15:10.230000",
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-09-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-428673"
          },
          {
            "date": "2024-06-13T03:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          },
          {
            "date": "2022-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          },
          {
            "date": "2022-09-15T19:27:21.957000",
            "db": "NVD",
            "id": "CVE-2022-2979"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Omron \u00a0CX-Programmer\u00a0 Freed memory usage in ( use-after-free ) vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002344"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202209-737"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202211-1695

    Vulnerability from variot - Updated: 2024-04-27 11:57

    An out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution if a user opens a specially crafted CXP file. CX-Programmer, provided by Omron Corporation, contains multiple vulnerabilities: * Use of freed memory (use-after-free) (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314 * Out-of-bounds write (CWE-787) - CVE-2022-43509 * Stack-based buffer overflow (CWE-121) - CVE-2022-43667. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1695",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.77  and earlier  - cve-2022-43508"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.79  and earlier  - cve-2023-22277 , cve-2023-22317 , cve-2023-22314"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.78  and earlier  - cve-2022-43509 , cve-2022-43667"
          },
          {
            "model": "cx-one",
            "scope": null,
            "trust": 0.7,
            "vendor": "omron",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-43509",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002765",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-43509",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-43509",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002765",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-43509",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202211-3542",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Provided by Omron Corporation CX-Programmer contains multiple vulnerabilities: * Use of freed memory ( Use-after-free )( CWE-416 ) - CVE-2022-43508 , CVE-2023-22277 , CVE-2023-22317 , CVE-2023-22314 It was * out-of-bounds write ( CWE-787 ) - CVE-2022-43509 It was * stack-based buffer overflow ( CWE-121 ) - CVE-2022-43667 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "db": "VULHUB",
            "id": "VHN-440561"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-43509",
            "trust": 4.0
          },
          {
            "db": "JVN",
            "id": "JVNVU92877622",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-356-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765",
            "trust": 1.4
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-15484",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-634",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6664",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-440561",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "db": "VULHUB",
            "id": "VHN-440561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "id": "VAR-202211-1695",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440561"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2024-04-27T11:57:39.661000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from Omron Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92877622/995504/index.html"
          },
          {
            "title": "Omron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04"
          },
          {
            "title": "Omron CX-Programmer Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216966"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/vu/jvnvu92877622/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu92877622/index.html"
          },
          {
            "trust": 1.5,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43508"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43509"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43667"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22277"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22314"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22317"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-356-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-43509/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6664"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002765.html"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "db": "VULHUB",
            "id": "VHN-440561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "db": "VULHUB",
            "id": "VHN-440561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "date": "2022-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-440561"
          },
          {
            "date": "2022-11-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "date": "2022-11-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          },
          {
            "date": "2022-12-07T04:15:10.850000",
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-634"
          },
          {
            "date": "2022-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-440561"
          },
          {
            "date": "2024-04-05T09:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "date": "2022-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          },
          {
            "date": "2022-12-09T01:27:25.850000",
            "db": "NVD",
            "id": "CVE-2022-43509"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Omron \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3542"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202211-1694

    Vulnerability from variot - Updated: 2024-04-27 11:57

    A use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution if a user opens a specially crafted CXP file. CX-Programmer, provided by Omron Corporation, contains multiple vulnerabilities: * Use of freed memory (use-after-free) (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314 * Out-of-bounds write (CWE-787) - CVE-2022-43509 * Stack-based buffer overflow (CWE-121) - CVE-2022-43667. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1694",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.77  and earlier  - cve-2022-43508"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.79  and earlier  - cve-2023-22277 , cve-2023-22317 , cve-2023-22314"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.78  and earlier  - cve-2022-43509 , cve-2022-43667"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "cve": "CVE-2022-43508",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002765",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-43508",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002765",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202211-3543",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Provided by Omron Corporation CX-Programmer contains multiple vulnerabilities: * Use of freed memory ( Use-after-free )( CWE-416 ) - CVE-2022-43508 , CVE-2023-22277 , CVE-2023-22317 , CVE-2023-22314 It was * out-of-bounds write ( CWE-787 ) - CVE-2022-43509 It was * stack-based buffer overflow ( CWE-121 ) - CVE-2022-43667 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "VULHUB",
            "id": "VHN-440560"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-43508",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVNVU92877622",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765",
            "trust": 1.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-356-04",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-440560",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "id": "VAR-202211-1694",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440560"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-04-27T11:57:39.635000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from Omron Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92877622/995504/index.html"
          },
          {
            "title": "Omron CX-Programmer Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216967"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.1
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/vu/jvnvu92877622/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu92877622/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43508"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43509"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43667"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22277"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22314"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22317"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-43508/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002765.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-440560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-440560"
          },
          {
            "date": "2022-11-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "date": "2022-11-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          },
          {
            "date": "2022-12-07T04:15:10.790000",
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-440560"
          },
          {
            "date": "2024-04-05T09:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "date": "2022-12-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          },
          {
            "date": "2022-12-09T01:29:04.687000",
            "db": "NVD",
            "id": "CVE-2022-43508"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Omron \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3543"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202211-1696

    Vulnerability from variot - Updated: 2024-04-27 11:57

    A stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution if a user opens a specially crafted CXP file.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1696",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.77  and earlier  - cve-2022-43508"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.79  and earlier  - cve-2023-22277 , cve-2023-22317 , cve-2023-22314"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "ver.9.78  and earlier  - cve-2022-43509 , cve-2022-43667"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "cve": "CVE-2022-43667",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002765",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-43667",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002765",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202211-3541",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "VULHUB",
            "id": "VHN-440787"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-43667",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVNVU92877622",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765",
            "trust": 1.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-356-04",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-440787",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "id": "VAR-202211-1696",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440787"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-04-27T11:57:39.547000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from Omron Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92877622/995504/index.html"
          },
          {
            "title": "Omron CX-Programmer Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216965"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/vu/jvnvu92877622/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu92877622/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43508"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43509"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43667"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22277"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22314"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22317"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002765.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-43667/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-440787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-440787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-440787"
          },
          {
            "date": "2022-11-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "date": "2022-11-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          },
          {
            "date": "2022-12-07T04:15:10.953000",
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-440787"
          },
          {
            "date": "2024-04-05T09:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          },
          {
            "date": "2022-12-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          },
          {
            "date": "2022-12-09T13:37:39.777000",
            "db": "NVD",
            "id": "CVE-2022-43667"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Omron \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002765"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3541"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0477

    Vulnerability from variot - Updated: 2023-12-18 13:23

    In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit this flaw and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-Programmer is one of the PLC programming software packages. CX-Server is one of the driver management tools. A freed-memory reference vulnerability exists in Omron CX-One 4.42 and earlier (CX-Programmer 9.66 and earlier and CX-Server 5.0.23 and earlier). The vulnerability stems from the program failing to check, when processing a project file, whether it is referencing memory that has already been released. Omron CX-One is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0477",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "5.0.23"
          },
          {
            "model": "cx-server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "5.0.23"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 9.66"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 5.0.23"
          },
          {
            "model": "cx-one",
            "scope": null,
            "trust": 0.7,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "omron",
            "version": "\u003c=4.42"
          },
          {
            "model": "cx-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "5.0.24"
          },
          {
            "model": "cx-programmer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.70"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx one",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.23",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.66",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-one:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.42",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-18989",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Complete",
                "baseScore": 6.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Local",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Complete",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 1.9,
                "id": "CNVD-2018-25309",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 1.9,
                "id": "7d806040-463f-11e9-aaa9-000c29342cb1",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-129603",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 6.6,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 5.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-18989",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2018-010184",
                "trust": 1.6,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18989",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-18989",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-25309",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-127",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d806040-463f-11e9-aaa9-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129603",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129603"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The issue results from the lack of validating the existence of an object prior to performing operations on the object. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-Programmer is one of the PLC programming software. CX-Server is one of the driver management tools. A memory error reference vulnerability exists in Omron CX-One 4.42 and earlier (CX-Programmer 9.66 and earlier and CX-Server 5.0.23 and earlier). The vulnerability stems from a failure to check if the program is processing a project file. Reference the memory that was released. Omron CX-One is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129603"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18989",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-338-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "106106",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90473043",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6608",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1367",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D806040-463F-11E9-AAA9-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-129603",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129603"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "id": "VAR-201812-0477",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129603"
          }
        ],
        "trust": 1.338418775
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:23:50.809000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CX-One \u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7 \u30d7\u30ed\u30b0\u30e9\u30e0 \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html"
          },
          {
            "title": "CX-Programmer \u306e\u66f4\u65b0\u5185\u5bb9 | Ver.9.70 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e7412\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer"
          },
          {
            "title": "\u5171\u901a\u30e2\u30b8\u30e5\u30fc\u30eb \u306e\u66f4\u65b0\u5185\u5bb9 | - : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e7412\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module"
          },
          {
            "title": "Omron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-338-01"
          },
          {
            "title": "Omron CX-One Memory Error Reference Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/147093"
          },
          {
            "title": "Omron CX-One Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87423"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129603"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-338-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/106106"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18993"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18989"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90473043/"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.eu/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129603"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129603"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-14T00:00:00",
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "date": "2018-12-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "date": "2018-12-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129603"
          },
          {
            "date": "2018-12-04T00:00:00",
            "db": "BID",
            "id": "106106"
          },
          {
            "date": "2018-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "date": "2018-12-04T22:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "date": "2018-12-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1367"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129603"
          },
          {
            "date": "2018-12-04T00:00:00",
            "db": "BID",
            "id": "106106"
          },
          {
            "date": "2018-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "date": "2019-10-09T23:37:32.067000",
            "db": "NVD",
            "id": "CVE-2018-18989"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One Memory Error Reference Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25309"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d806040-463f-11e9-aaa9-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-127"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201812-0479

    Vulnerability from variot - Updated: 2023-12-18 13:23

    Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Position. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-Programmer is one of the PLC programming software. CX-Server is one of the driver management tools. Omron CX-One is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0479",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-one",
            "scope": null,
            "trust": 1.4,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "5.0.23"
          },
          {
            "model": "cx-server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "5.0.23"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 9.66"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 5.0.23"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "omron",
            "version": "\u003c=4.42"
          },
          {
            "model": "cx-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "5.0.24"
          },
          {
            "model": "cx-programmer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.70"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx one",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx server",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-one:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.42",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.66",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-18993",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Complete",
                "baseScore": 6.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Local",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Complete",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-25281",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "7d808751-463f-11e9-abf0-000c29342cb1",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-129608",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-18993",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-18993",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 6.6,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 5.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-010184",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2018-010184",
                "trust": 1.6,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-18993",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18993",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-25281",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-128",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d808751-463f-11e9-abf0-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129608",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-18993",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Position. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-Programmer is one of the PLC programming software. CX-Server is one of the driver management tools. Area. Omron CX-One is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18993"
          }
        ],
        "trust": 4.05
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18993",
            "trust": 5.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-338-01",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "106106",
            "trust": 2.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90473043",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6610",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1368",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6603",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D808751-463F-11E9-ABF0-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-129608",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18993",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18993"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "id": "VAR-201812-0479",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129608"
          }
        ],
        "trust": 1.338418775
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:23:50.761000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Omron has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-338-01"
          },
          {
            "title": "CX-One \u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7 \u30d7\u30ed\u30b0\u30e9\u30e0 \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html"
          },
          {
            "title": "CX-Programmer \u306e\u66f4\u65b0\u5185\u5bb9 | Ver.9.70 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e7412\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer"
          },
          {
            "title": "\u5171\u901a\u30e2\u30b8\u30e5\u30fc\u30eb \u306e\u66f4\u65b0\u5185\u5bb9 | - : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e7412\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module"
          },
          {
            "title": "Omron CX-One Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/146977"
          },
          {
            "title": "Omron CX-One Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87424"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-338-01"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/106106"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18993"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18989"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90473043/"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.eu/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18993"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18993"
          },
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-14T00:00:00",
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "date": "2018-12-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "date": "2018-12-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "date": "2018-12-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "date": "2018-12-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-18993"
          },
          {
            "date": "2018-12-04T00:00:00",
            "db": "BID",
            "id": "106106"
          },
          {
            "date": "2018-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "date": "2018-12-04T22:29:00.340000",
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "date": "2018-12-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1368"
          },
          {
            "date": "2018-12-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1366"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129608"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-18993"
          },
          {
            "date": "2018-12-04T00:00:00",
            "db": "BID",
            "id": "106106"
          },
          {
            "date": "2018-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010184"
          },
          {
            "date": "2020-09-18T16:55:28.587000",
            "db": "NVD",
            "id": "CVE-2018-18993"
          },
          {
            "date": "2020-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "106106"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-25281"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d808751-463f-11e9-abf0-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-128"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201904-0185

    Vulnerability from variot - Updated: 2023-12-18 13:23

    When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Omron CX-Programmer is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. Omron CX-Programmer versions 9.70 and prior are vulnerable; other versions may also be vulnerable. Both Omron CX-Programmer and Omron Common Components are products of Omron Corporation of Japan. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software. Omron Common Components is a PLC common component. This product includes PLC tools such as I/O table, PLC memory, PLC system setup, data trace/time graph monitoring, PLC error log, file memory, PLC clock, routing table and data link table. A resource management error vulnerability exists in Omron CX-Programmer 9.70 and earlier and Common Components 2019-1 and earlier. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0185",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "omron",
            "version": "9.70"
          },
          {
            "model": "common components",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "2019-01"
          },
          {
            "model": "common components",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "january 2019"
          },
          {
            "model": "cx-one",
            "scope": null,
            "trust": 0.7,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.70"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-programmer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.71"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "db": "BID",
            "id": "107773"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:common_components:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2019-01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.70",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-6556",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-002360",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-157991",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 6.6,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-002360",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-6556",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-6556",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2019-002360",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-6556",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-228",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-157991",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157991"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Omron CX-Programmer is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. \nOmron CX-Programmer version 9.70 and prior are vulnerable; other versions may also be vulnerable. Both Omron CX-Programmer and Omron Common Components are products of Omron Corporation of Japan. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software. Omron Common Components is a PLC common component. This product includes PLC tools such as I/O table, PLC memory, PLC system setup, data trace/time graph monitoring, PLC error log, file memory, PLC clock, routing table and data link table. A resource management error vulnerability exists in Omron CX-Programmer 9.70 and earlier and Common Components 2019-1 and earlier. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "db": "BID",
            "id": "107773"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157991"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6556",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-094-01",
            "trust": 2.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-344",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "107773",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU98267543",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6609",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1152",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-157991",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157991"
          },
          {
            "db": "BID",
            "id": "107773"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ]
      },
      "id": "VAR-201904-0185",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157991"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T13:23:46.912000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CX-One \u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7 \u30d7\u30ed\u30b0\u30e9\u30e0 \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html"
          },
          {
            "title": "CX-Programmer \u306e\u66f4\u65b0\u5185\u5bb9 | Ver.9.71 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2019\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer"
          },
          {
            "title": "\u5171\u901a\u30e2\u30b8\u30e5\u30fc\u30eb \u306e\u66f4\u65b0\u5185\u5bb9 | \u2212 \uff1aCX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2019\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module"
          },
          {
            "title": "Omron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-094-01"
          },
          {
            "title": "Omron CX-Programmer Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91096"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157991"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-094-01"
          },
          {
            "trust": 1.7,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-344/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6556"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/107773"
          },
          {
            "trust": 0.9,
            "url": "https://industrial.omron.us/en/home"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6556"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98267543/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/78474"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157991"
          },
          {
            "db": "BID",
            "id": "107773"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157991"
          },
          {
            "db": "BID",
            "id": "107773"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6556"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "date": "2019-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157991"
          },
          {
            "date": "2019-04-04T00:00:00",
            "db": "BID",
            "id": "107773"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "date": "2019-04-10T20:29:01.210000",
            "db": "NVD",
            "id": "CVE-2019-6556"
          },
          {
            "date": "2019-04-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-344"
          },
          {
            "date": "2019-04-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157991"
          },
          {
            "date": "2019-04-04T00:00:00",
            "db": "BID",
            "id": "107773"
          },
          {
            "date": "2019-09-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          },
          {
            "date": "2019-04-15T12:31:42.523000",
            "db": "NVD",
            "id": "CVE-2019-6556"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OMRON  CX-One Free memory usage vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002360"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-228"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-0092

    Vulnerability from variot - Updated: 2023-12-18 12:25

    OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. An out-of-bounds write vulnerability exists in Omron Corporation's CX-Programmer. Information may be obtained or tampered with, and service operation may be interrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Position module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0092",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.78"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "9.78  and earlier"
          },
          {
            "model": "cx-one",
            "scope": null,
            "trust": 0.7,
            "vendor": "omron",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.78",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-3398",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-3398",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-3398",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-3398",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3398",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-3398",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-127",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. An out-of-bounds write vulnerability exists in Omron Corporation\u0027s CX-Programmer. Information may be obtained or tampered with, and service operation may be interrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Position module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431035"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3398",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-277-04",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU92014758",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-15352",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-222",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-431035",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431035"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ]
      },
      "id": "VAR-202210-0092",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431035"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T12:25:53.600000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Omron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-04"
          },
          {
            "title": "Omron CX-Programmer Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209811"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431035"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92014758/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3398"
          },
          {
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3398/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-277-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431035"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431035"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431035"
          },
          {
            "date": "2023-10-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "date": "2022-10-06T18:16:22.803000",
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-222"
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431035"
          },
          {
            "date": "2023-10-19T08:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          },
          {
            "date": "2022-10-06T23:47:50.147000",
            "db": "NVD",
            "id": "CVE-2022-3398"
          },
          {
            "date": "2022-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out-of-bounds write vulnerability in Omron Corporation\u0027s CX-Programmer",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018385"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-127"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-0093

    Vulnerability from variot - Updated: 2023-12-18 12:25

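    OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. An out-of-bounds write vulnerability exists in Omron Corporation's CX-Programmer. Information may be obtained or tampered with, and service operation may be interrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. The record below carries conflicting CVSS v3.1 assessments for this issue: the NVD entry scores it 9.8 (network vector, no user interaction), while the ICS-CERT and ZDI entries score it 7.8 (local vector, user interaction required); the 7.8 assessment is the one consistent with the file-open requirement described here, so prioritisation should account for how CXP project files reach engineering workstations.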


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0093",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.78"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "9.78  and earlier"
          },
          {
            "model": "cx-one",
            "scope": null,
            "trust": 0.7,
            "vendor": "omron",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.78",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-3397",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-3397",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-3397",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-3397",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3397",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-3397",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-129",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. An out-of-bounds write vulnerability exists in Omron Corporation\u0027s CX-Programmer. Information may be obtained or tampered with, and service operation may be interrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431028"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3397",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-277-04",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU92014758",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-15355",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-224",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-431028",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431028"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ]
      },
      "id": "VAR-202210-0093",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431028"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T12:25:53.572000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Omron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-04"
          },
          {
            "title": "Omron CX-Programmer Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209813"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431028"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92014758/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3397"
          },
          {
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3397/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-277-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431028"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431028"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431028"
          },
          {
            "date": "2023-10-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "date": "2022-10-06T18:16:22.223000",
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-224"
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431028"
          },
          {
            "date": "2023-10-19T08:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          },
          {
            "date": "2022-10-06T23:49:13.997000",
            "db": "NVD",
            "id": "CVE-2022-3397"
          },
          {
            "date": "2022-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron Corporation\u0027s \u00a0CX-Programmer\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018386"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-129"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-0094

    Vulnerability from variot - Updated: 2023-12-18 12:25

    OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. An out-of-bounds write vulnerability exists in Omron Corporation's CX-Programmer. Information may be obtained or tampered with, and service operation may be interrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. Note that the CVSS entries in this record differ on this point: the NVD vector is AV:N/UI:N (9.8), while the ICS-CERT and ZDI vectors are AV:L/UI:R (7.8), which matches the user-interaction requirement described here.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0094",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.78"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "9.78  and earlier"
          },
          {
            "model": "cx-one",
            "scope": null,
            "trust": 0.7,
            "vendor": "omron",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.78",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xina1i",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-3396",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-3396",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-3396",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-3396",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3396",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-3396",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-128",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. Omron Corporation\u0027s CX-Programmer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431019"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3396",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-277-04",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU92014758",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-15353",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-223",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-431019",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ]
      },
      "id": "VAR-202210-0094",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431019"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T12:25:53.544000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Omron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-04"
          },
          {
            "title": "Omron CX-Programmer Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209812"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92014758/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3396"
          },
          {
            "trust": 0.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3396/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-277-04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431019"
          },
          {
            "date": "2023-10-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "date": "2022-10-06T18:16:21.840000",
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-223"
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431019"
          },
          {
            "date": "2023-10-19T08:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          },
          {
            "date": "2022-10-06T23:44:26.567000",
            "db": "NVD",
            "id": "CVE-2022-3396"
          },
          {
            "date": "2022-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron Corporation\u0027s \u00a0CX-Programmer\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018387"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-128"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-1656

    Vulnerability from variot - Updated: 2023-12-18 12:18

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object, resulting in an access of resource using incompatible type condition. The following vulnerabilities exist in applications of CX-One, provided by OMRON Corporation: * Stack-based buffer overflow (CWE-121) - CVE-2018-7514: a stack-based buffer overflow can occur when a specially crafted project file is processed. * Access of resource using incompatible type (type confusion) (CWE-843) - CVE-2018-7530: when a specially crafted project file is processed, an object may be called with an incorrect type, resulting in access outside the memory area. * Heap-based buffer overflow (CWE-122) - CVE-2018-8834: a heap-based buffer overflow can occur when a specially crafted project file is processed. A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PSW files. When parsing a crafted file, the process does not properly validate user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-FLnet and the other applications named above are integrated into it.
    There are security vulnerabilities in multiple software products in Omron CX-One 4.42 and earlier: 1. a stack-based buffer-overflow vulnerability; 2. a heap-based buffer-overflow vulnerability; 3. (the list is cut off here in the record)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1656",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-protocol",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.992"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "network configurator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "3.63"
          },
          {
            "model": "switch box utility",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.68"
          },
          {
            "model": "cx-flnet",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.00"
          },
          {
            "model": "switch box utility",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.68"
          },
          {
            "model": "network configurator",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "3.63"
          },
          {
            "model": "cx-server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "cx-protocol",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.992"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-flnet",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.00"
          },
          {
            "model": "cx-flnet",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.00"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 9.65"
          },
          {
            "model": "cx-protocol",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.992"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 5.0.22"
          },
          {
            "model": "network configurator",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 3.63"
          },
          {
            "model": "switch box utility",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.68"
          },
          {
            "model": "cx-one",
            "scope": null,
            "trust": 0.7,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-flnet",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-protocol",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-server",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "network configurator",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "switch box utility",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "omron",
            "version": "\u003c=4.42"
          },
          {
            "model": "switch box utility",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.69"
          },
          {
            "model": "network configurator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "3.64"
          },
          {
            "model": "cx-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "5.0.23"
          },
          {
            "model": "cx-protocol",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.993"
          },
          {
            "model": "cx-programmer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-flnet",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx flnet",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx one",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx protocol",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx server",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "network configurator",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "switch box utility",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:switch_box_utility:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.68",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.22",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.65",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-protocol:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.992",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-flnet:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-one:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.42",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:network_configurator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.63",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-7530",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-002441",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 2.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7530",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-07873",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-137562",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-002441",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2018-002441",
                "trust": 2.4,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7530",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-7530",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-07873",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-791",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137562",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition. Provided by OMRON Corporation CX-One The following applications contain several vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2018-7514 Stack-based buffer overflows can occur due to processing of specially crafted project files. * Accessing resources using inappropriate types ( Mixing of molds ) (CWE-843) - CVE-2018-7530 Due to the processing of a specially crafted project file, access to the outside of the memory area may occur by calling an object with an incorrect type. * Heap-based buffer overflow (CWE-122) - CVE-2018-8834 A heap-based buffer overflow can occur due to the processing of a specially crafted project file.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of PSW files. When parsing a crafted file, the process does not properly validate user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-FLnet, etc. are all integrated applications. 
There are security vulnerabilities in multiple softwares in Omron CX-One 4.42 and earlier. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137562"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7530",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-100-02",
            "trust": 3.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU95484528",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5404",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-283",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "103970",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "E2EBDD12-39AB-11E9-8F48-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137562",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137562"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "id": "VAR-201804-1656",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137562"
          }
        ],
        "trust": 1.4294842983333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:55.676000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Network Configurator \u306e\u66f4\u65b0\u5185\u5bb9: Ver.3.64 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#network_configurator"
          },
          {
            "title": "SwitchBoxUtility \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.69 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#switchboxutility"
          },
          {
            "title": "\u5171\u901a\u30e2\u30b8\u30e5\u30fc\u30eb \u306e\u66f4\u65b0\u5185\u5bb9: \u2212 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module"
          },
          {
            "title": "CX-FLnet \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.10 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_flnet"
          },
          {
            "title": "CX-One \u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7 \u30d7\u30ed\u30b0\u30e9\u30e0 \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html"
          },
          {
            "title": "CX-Programmer \u306e\u66f4\u65b0\u5185\u5bb9: Ver.9.66 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer"
          },
          {
            "title": "CX-Protocol \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.993 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_protocol"
          },
          {
            "title": "OMRON has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-02"
          },
          {
            "title": "Omron CX-One code execution hole patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/126153"
          },
          {
            "title": "Omron CX-One Fixes for multiple software security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80160"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-118",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-122",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-843",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7514"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7530"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8834"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu95484528/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7514"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7530"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8834"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.eu/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137562"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137562"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137562"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103970"
          },
          {
            "date": "2018-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "date": "2018-04-17T19:29:00.387000",
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "date": "2018-04-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-283"
          },
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137562"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103970"
          },
          {
            "date": "2018-08-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "date": "2019-10-09T23:42:23.613000",
            "db": "NVD",
            "id": "CVE-2018-7530"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One Code execution hole",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07873"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ebdd12-39ab-11e9-8f48-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-791"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-1567

    Vulnerability from variot - Updated: 2023-12-18 12:18

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow. Applications included in CX-One, provided by OMRON Corporation, contain several vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2018-7514: a stack-based buffer overflow can occur when a specially crafted project file is processed. * Access of a resource using an incompatible type (type confusion) (CWE-843) - CVE-2018-7530: when a specially crafted project file is processed, an object may be called with an incorrect type, resulting in access outside the intended memory area. * Heap-based buffer overflow (CWE-122) - CVE-2018-8834: a heap-based buffer overflow can occur when a specially crafted project file is processed. A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of NVF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Omron CX-One is an integrated toolkit from Omron of Japan that includes networking, PT, frequency converter, temperature controller, and PLC programming software. CX-FLnet and the other listed tools are applications integrated into the suite. A heap buffer overflow vulnerability exists in multiple software products in Omron CX-One 4.42 and earlier.
Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1567",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-one",
            "scope": null,
            "trust": 2.8,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-protocol",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.992"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "network configurator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "3.63"
          },
          {
            "model": "switch box utility",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.68"
          },
          {
            "model": "cx-flnet",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.00"
          },
          {
            "model": "switch box utility",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.68"
          },
          {
            "model": "network configurator",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "3.63"
          },
          {
            "model": "cx-server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "cx-protocol",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.992"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-flnet",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.00"
          },
          {
            "model": "cx-flnet",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.00"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 9.65"
          },
          {
            "model": "cx-protocol",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.992"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 5.0.22"
          },
          {
            "model": "network configurator",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 3.63"
          },
          {
            "model": "switch box utility",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.68"
          },
          {
            "model": "cx-flnet",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-protocol",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-server",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "network configurator",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "switch box utility",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "omron",
            "version": "\u003c=4.42"
          },
          {
            "model": "switch box utility",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.69"
          },
          {
            "model": "network configurator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "3.64"
          },
          {
            "model": "cx-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "5.0.23"
          },
          {
            "model": "cx-protocol",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.993"
          },
          {
            "model": "cx-programmer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-flnet",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx flnet",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx one",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx protocol",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx server",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "network configurator",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "switch box utility",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:switch_box_utility:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.68",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:network_configurator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.63",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.22",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-protocol:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.992",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-one:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.42",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.65",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-flnet:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          }
        ],
        "trust": 2.8
      },
      "cve": "CVE-2018-8834",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-8834",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 2.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-002441",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 2.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-07871",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-138866",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-8834",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-002441",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-8834",
                "trust": 2.8,
                "value": "MEDIUM"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2018-002441",
                "trust": 2.4,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-8834",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-07871",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-790",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-138866",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-8834",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-8834"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow. The following applications in CX-One, provided by OMRON Corporation, contain several vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2018-7514 Stack-based buffer overflows can occur due to processing of specially crafted project files. * Accessing resources using inappropriate types (type confusion) (CWE-843) - CVE-2018-7530 Due to the processing of a specially crafted project file, access to the outside of the memory area may occur by calling an object with an incorrect type. * Heap-based buffer overflow (CWE-122) - CVE-2018-8834 A heap-based buffer overflow can occur due to the processing of a specially crafted project file. A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of NVF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-FLnet, etc. are all integrated applications. A heap buffer overflow vulnerability exists in multiple software applications in Omron CX-One 4.42 and earlier. 
Omron CX-Supervisor is prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-8834"
          }
        ],
        "trust": 5.31
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-8834",
            "trust": 6.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-100-02",
            "trust": 3.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU95484528",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5439",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-286",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5454",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5453",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5462",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "103970",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "E2EC2B30-39AB-11E9-8905-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-138866",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-8834",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-8834"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "id": "VAR-201804-1567",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138866"
          }
        ],
        "trust": 1.4294842983333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:52.417000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "OMRON has issued an update to correct this vulnerability.",
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-02"
          },
          {
            "title": "Network Configurator \u306e\u66f4\u65b0\u5185\u5bb9: Ver.3.64 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#network_configurator"
          },
          {
            "title": "SwitchBoxUtility \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.69 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#switchboxutility"
          },
          {
            "title": "\u5171\u901a\u30e2\u30b8\u30e5\u30fc\u30eb \u306e\u66f4\u65b0\u5185\u5bb9: \u2212 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module"
          },
          {
            "title": "CX-FLnet \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.10 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_flnet"
          },
          {
            "title": "CX-One \u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7 \u30d7\u30ed\u30b0\u30e9\u30e0 \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html"
          },
          {
            "title": "CX-Programmer \u306e\u66f4\u65b0\u5185\u5bb9: Ver.9.66 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer"
          },
          {
            "title": "CX-Protocol \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.993 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_protocol"
          },
          {
            "title": "Omron CX-One heap buffer overflow vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/126149"
          },
          {
            "title": "Omron CX-One Fixes for multiple software buffer error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80159"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-122",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-843",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 6.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7514"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7530"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8834"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu95484528/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7514"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7530"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8834"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.eu/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-8834"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-8834"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-8834"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103970"
          },
          {
            "date": "2018-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "date": "2018-04-17T19:29:00.437000",
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "date": "2018-04-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-286"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-289"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-288"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-290"
          },
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          },
          {
            "date": "2020-09-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138866"
          },
          {
            "date": "2020-09-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-8834"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103970"
          },
          {
            "date": "2018-08-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "date": "2020-09-29T19:10:22.737000",
            "db": "NVD",
            "id": "CVE-2018-8834"
          },
          {
            "date": "2020-09-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One Heap Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07871"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec2b30-39ab-11e9-8905-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-790"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-1654

    Vulnerability from variot - Updated: 2023-12-18 12:18

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow. The following applications in CX-One, provided by OMRON Corporation, contain several vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2018-7514 Stack-based buffer overflows can occur due to processing of specially crafted project files. * Accessing resources using inappropriate types (type confusion) (CWE-843) - CVE-2018-7530 Due to the processing of a specially crafted project file, access to the outside of the memory area may occur by calling an object with an incorrect type. * Heap-based buffer overflow (CWE-122) - CVE-2018-8834 A heap-based buffer overflow can occur due to the processing of a specially crafted project file. A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MCI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-FLnet, etc. are all integrated applications. A heap buffer overflow vulnerability exists in multiple software applications in Omron CX-One 4.42 and earlier. 
Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1654",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-one",
            "scope": null,
            "trust": 3.5,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-protocol",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.992"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "network configurator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "3.63"
          },
          {
            "model": "switch box utility",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.68"
          },
          {
            "model": "cx-flnet",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.00"
          },
          {
            "model": "switch box utility",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.68"
          },
          {
            "model": "network configurator",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "3.63"
          },
          {
            "model": "cx-server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "5.0.22"
          },
          {
            "model": "cx-protocol",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.992"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "9.65"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "4.42"
          },
          {
            "model": "cx-flnet",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "omron",
            "version": "1.00"
          },
          {
            "model": "cx-flnet",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.00"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 9.65"
          },
          {
            "model": "cx-protocol",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.992"
          },
          {
            "model": "cx-server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 5.0.22"
          },
          {
            "model": "network configurator",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 3.63"
          },
          {
            "model": "switch box utility",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "omron",
            "version": "version 1.68"
          },
          {
            "model": "cx-flnet",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-protocol",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-server",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "network configurator",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "switch box utility",
            "scope": null,
            "trust": 0.6,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "omron",
            "version": "\u003c=4.42"
          },
          {
            "model": "switch box utility",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.69"
          },
          {
            "model": "network configurator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "3.64"
          },
          {
            "model": "cx-server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "5.0.23"
          },
          {
            "model": "cx-protocol",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.993"
          },
          {
            "model": "cx-programmer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.66"
          },
          {
            "model": "cx-flnet",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx flnet",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx one",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx protocol",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx server",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "network configurator",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "switch box utility",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.22",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-protocol:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.992",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:switch_box_utility:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.68",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:network_configurator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.63",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-one:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.42",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.65",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-flnet:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2018-7514",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7514",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 3.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-002441",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 2.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-07872",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-137546",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "JPCERT/CC",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-002441",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-7514",
                "trust": 3.5,
                "value": "MEDIUM"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2018-002441",
                "trust": 2.4,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7514",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-07872",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-792",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137546",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow. The following applications of CX-One, provided by OMRON Corporation, contain several vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2018-7514 Stack-based buffer overflows can occur due to processing of specially crafted project files. * Accessing resources using inappropriate types (type confusion) (CWE-843) - CVE-2018-7530 Due to the processing of a specially crafted project file, access outside the memory area may occur by calling an object with an incorrect type. * Heap-based buffer overflow (CWE-122) - CVE-2018-8834 A heap-based buffer overflow can occur due to the processing of a specially crafted project file. A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MCI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. The Omron CX-One is an integrated toolkit from Omron, Japan (Omron) that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-FLnet, etc. are all integrated applications. A heap buffer overflow vulnerability exists in multiple software products in Omron CX-One 4.42 and earlier. \nOmron CX-Supervisor is prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137546"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7514",
            "trust": 7.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-100-02",
            "trust": 3.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU95484528",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5440",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-287",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5402",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5405",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5403",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5406",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "103970",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "E2EC0421-39AB-11E9-BCD0-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137546",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137546"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "id": "VAR-201804-1654",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137546"
          }
        ],
        "trust": 1.4294842983333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:52.356000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "OMRON has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-02"
          },
          {
            "title": "Network Configurator \u306e\u66f4\u65b0\u5185\u5bb9: Ver.3.64 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#network_configurator"
          },
          {
            "title": "SwitchBoxUtility \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.69 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#switchboxutility"
          },
          {
            "title": "\u5171\u901a\u30e2\u30b8\u30e5\u30fc\u30eb \u306e\u66f4\u65b0\u5185\u5bb9: \u2212 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module"
          },
          {
            "title": "CX-FLnet \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.10 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_flnet"
          },
          {
            "title": "CX-One \u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7 \u30d7\u30ed\u30b0\u30e9\u30e0 \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html"
          },
          {
            "title": "CX-Programmer \u306e\u66f4\u65b0\u5185\u5bb9: Ver.9.66 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer"
          },
          {
            "title": "CX-Protocol \u306e\u66f4\u65b0\u5185\u5bb9: Ver.1.993 : CX-One\u30aa\u30fc\u30c8\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08V4\u5411\u3051_2018\u5e744\u6708\uff09",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_protocol"
          },
          {
            "title": "Patch for Omron CX-One Heap Buffer Overflow Vulnerability (CNVD-2018-07872)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/126151"
          },
          {
            "title": "Omron CX-One Fixes for multiple software buffer error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80161"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-122",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-843",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 6.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7514"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7530"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8834"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu95484528/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7514"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7530"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8834"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.eu/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137546"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137546"
          },
          {
            "db": "BID",
            "id": "103970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137546"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103970"
          },
          {
            "date": "2018-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "date": "2018-04-17T19:29:00.340000",
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "date": "2018-04-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-287"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-281"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-284"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-282"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-285"
          },
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07872"
          },
          {
            "date": "2020-10-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137546"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103970"
          },
          {
            "date": "2018-08-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          },
          {
            "date": "2020-10-02T14:51:17.413000",
            "db": "NVD",
            "id": "CVE-2018-7514"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OMRON  CX-One Multiple vulnerabilities in applications included",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002441"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ec0421-39ab-11e9-bcd0-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-792"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201510-0444

    Vulnerability from variot - Updated: 2023-12-18 12:06

    Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. Multiple Omron Corporation products are prone to multiple local information-disclosure vulnerabilities. A local attacker can exploit these issues to obtain sensitive information or cause a denial-of-service condition. The following products are vulnerable: CX-Programmer software versions prior to 9.6; CJ2M Series PLC versions prior to 2.1; CJ2H Series PLC versions prior to 1.5. Omron CX-One CX-Programmer is a set of programs used to configure programmable devices produced by Omron Corporation of Japan.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0444",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.5"
          },
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "omron",
            "version": "9.6"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "omron",
            "version": "9.5"
          },
          {
            "model": "cx-programmer software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cj2m series plc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cj2h series plc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cx-programmer software",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.6"
          },
          {
            "model": "cj2m series plc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "2.1"
          },
          {
            "model": "cj2h series plc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stephen Dunlap",
        "sources": [
          {
            "db": "BID",
            "id": "76936"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0988",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-0988",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "708c9dfe-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-78934",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-0988",
                "trust": 1.8,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-029",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "708c9dfe-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-78934",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-0988",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. Multiple Omron Corporation Products are prone to multiple local information-disclosure vulnerabilities\nA local attacker can exploit these issues to obtain sensitive  information or cause a denial-of-service vulnerability. \nThe following products are vulnerable:\nVersions prior to CX-Programmer software 9.6\nVersions prior to CJ2M Series PLC 2.1\nVersions prior to CJ2H Series PLC 1.5. Omron CX-One CX-Programmer is a set of programs used to configure programmable devices produced by Omron Corporation of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0988"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0988",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-274-01",
            "trust": 2.9
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029",
            "trust": 0.9
          },
          {
            "db": "JVN",
            "id": "JVNVU99817917",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "76936",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "708C9DFE-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-78934",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0988",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0988"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "id": "VAR-201510-0444",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78934"
          }
        ],
        "trust": 0.03
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:06:44.815000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CX-Programmer",
            "trust": 0.8,
            "url": "https://industrial.omron.us/en/products/catalogue/automation_systems/software/programming/cx-one/default.html"
          },
          {
            "title": "\u3010\u304a\u77e5\u3089\u305b\u3011\u5f0a\u793e\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 CJ\u30b7\u30ea\u30fc\u30ba\u306e\u300cUM\u8aad\u51fa\u30d7\u30ed\u30c6\u30af\u30c8\u6a5f\u80fd\u300d\u306b\u4f7f\u7528\u3057\u3066\u3044\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\u6a5f\u80fd\u306e\u5f37\u5316\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.fa.omron.co.jp/product/special/security_plc/index.html"
          },
          {
            "title": "Omron CX-One CX-Programmer Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57887"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-274-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0988"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99817917/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0988"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.us/en/home"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-274-01 "
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76936"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0988"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0988"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-09T00:00:00",
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0988"
          },
          {
            "date": "2015-10-01T00:00:00",
            "db": "BID",
            "id": "76936"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "date": "2015-10-06T01:59:04.970000",
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78934"
          },
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0988"
          },
          {
            "date": "2015-10-01T00:00:00",
            "db": "BID",
            "id": "76936"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005093"
          },
          {
            "date": "2015-10-06T23:49:11.530000",
            "db": "NVD",
            "id": "CVE-2015-0988"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One CX-Programmer Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "708c9dfe-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-029"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201510-0443

    Vulnerability from variot - Updated: 2023-12-18 12:06

    Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. Multiple Omron Corporation products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. The following products are vulnerable: CX-Programmer software versions prior to 9.6; CJ2M Series PLC versions prior to 2.1; CJ2H Series PLC versions prior to 1.5. Omron CX-One CX-Programmer, CJ2M PLC and CJ2H PLC are all products of Japan's Omron Corporation. CX-Programmer is a set of programs in the CX-One software suite for configuring programmable devices. The vulnerability is caused by the program transmitting the password in clear text.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0443",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cj2m plc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "2.0"
          },
          {
            "model": "cj2h plc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.4"
          },
          {
            "model": "cx-programmer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.5"
          },
          {
            "model": "cj2h plc",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "omron",
            "version": "1.5"
          },
          {
            "model": "cj2m plc",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "omron",
            "version": "2.1"
          },
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "omron",
            "version": "9.6"
          },
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "omron",
            "version": "9.5"
          },
          {
            "model": "cj2m plc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "omron",
            "version": "2.0"
          },
          {
            "model": "cj2h plc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "omron",
            "version": "1.4"
          },
          {
            "model": "cx-programmer software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cj2m series plc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cj2h series plc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cx-programmer software",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.6"
          },
          {
            "model": "cj2m series plc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "2.1"
          },
          {
            "model": "cj2h series plc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cj2h plc",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cj2m plc",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "76938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:omron:cj2h_plc:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:omron:cj2m_plc:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stephen Dunlap",
        "sources": [
          {
            "db": "BID",
            "id": "76938"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0987",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-0987",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "708dca44-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-78933",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-0987",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-028",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "708dca44-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-78933",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-0987",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. Multiple Omron Corporation products are prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue  may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nThe following products are vulnerable:\nVersions prior to CX-Programmer software 9.6\nVersions prior to CJ2M Series PLC 2.1\nVersions prior to CJ2H Series PLC 1.5. Omron CX-One CX-Programmer, CJ2M PLC and CJ2H PLC are all products of Japan Omron Corporation. CX-Programmer is a set of programs in the CX-One software suite for configuring programmable devices. The vulnerability is caused by the password that the program transmits in clear text",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "db": "BID",
            "id": "76938"
          },
          {
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0987"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0987",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-274-01",
            "trust": 2.9
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028",
            "trust": 0.9
          },
          {
            "db": "JVN",
            "id": "JVNVU99817917",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "76938",
            "trust": 0.5
          },
          {
            "db": "IVD",
            "id": "708DCA44-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-78933",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0987",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0987"
          },
          {
            "db": "BID",
            "id": "76938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ]
      },
      "id": "VAR-201510-0443",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78933"
          }
        ],
        "trust": 0.03
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:06:44.779000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CX-Programmer",
            "trust": 0.8,
            "url": "https://industrial.omron.us/en/products/catalogue/automation_systems/software/programming/cx-one/default.html"
          },
          {
            "title": "\u3010\u304a\u77e5\u3089\u305b\u3011\u5f0a\u793e\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 CJ\u30b7\u30ea\u30fc\u30ba\u306e\u300cUM\u8aad\u51fa\u30d7\u30ed\u30c6\u30af\u30c8\u6a5f\u80fd\u300d\u306b\u4f7f\u7528\u3057\u3066\u3044\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\u6a5f\u80fd\u306e\u5f37\u5316\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.fa.omron.co.jp/product/special/security_plc/index.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-274-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0987"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99817917/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0987"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.us/en/home"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-274-01 "
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76938"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0987"
          },
          {
            "db": "BID",
            "id": "76938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0987"
          },
          {
            "db": "BID",
            "id": "76938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-09T00:00:00",
            "db": "IVD",
            "id": "708dca44-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0987"
          },
          {
            "date": "2015-10-01T00:00:00",
            "db": "BID",
            "id": "76938"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "date": "2015-10-06T01:59:03.657000",
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78933"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0987"
          },
          {
            "date": "2015-10-01T00:00:00",
            "db": "BID",
            "id": "76938"
          },
          {
            "date": "2015-10-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          },
          {
            "date": "2015-10-07T08:13:09.337000",
            "db": "NVD",
            "id": "CVE-2015-0987"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Omron Vulnerabilities in which important information is obtained in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005092"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-028"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201510-0442

    Vulnerability from variot - Updated: 2023-12-18 12:06

    Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. Multiple Omron Corporation products are prone to multiple local information-disclosure vulnerabilities. A local attacker can exploit these issues to obtain sensitive information or cause a denial-of-service condition. The following products are vulnerable: CX-Programmer software versions prior to 9.6; CJ2M Series PLC versions prior to 2.1; CJ2H Series PLC versions prior to 1.5. Omron CX-One CX-Programmer, CJ2M PLC and CJ2H PLC are all products of Omron Corporation of Japan. CX-Programmer is a set of programs in the CX-One software suite for configuring programmable devices.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0442",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "omron",
            "version": "9.5"
          },
          {
            "model": "cj2h plc",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "omron",
            "version": "1.4"
          },
          {
            "model": "cj2m plc",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "omron",
            "version": "2.0"
          },
          {
            "model": "cj2h plc",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "omron",
            "version": "1.5"
          },
          {
            "model": "cj2m plc",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "omron",
            "version": "2.1"
          },
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "omron",
            "version": "9.6"
          },
          {
            "model": "cx-programmer software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cj2m series plc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cj2h series plc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "omron",
            "version": "0"
          },
          {
            "model": "cx-programmer software",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "9.6"
          },
          {
            "model": "cj2m series plc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "2.1"
          },
          {
            "model": "cj2h series plc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "omron",
            "version": "1.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cx programmer",
            "version": "9.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cj2h plc",
            "version": "1.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cj2m plc",
            "version": "2.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:omron:cj2m_plc:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:9.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:omron:cj2h_plc:1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stephen Dunlap",
        "sources": [
          {
            "db": "BID",
            "id": "76936"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-1015",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-1015",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "708f317c-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-78975",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-1015",
                "trust": 1.8,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-030",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "708f317c-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-78975",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78975"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. Multiple Omron Corporation Products are prone to multiple local information-disclosure vulnerabilities\nA local attacker can exploit these issues to obtain sensitive  information or cause a denial-of-service vulnerability. \nThe following products are vulnerable:\nVersions prior to CX-Programmer software 9.6\nVersions prior to CJ2M Series PLC 2.1\nVersions prior to CJ2H Series PLC 1.5. Omron CX-One CX-Programmer, CJ2M PLC and CJ2H PLC are all products of Japan Omron Corporation. CX-Programmer is a set of programs in the CX-One software suite for configuring programmable devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78975"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-1015",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-274-01",
            "trust": 2.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030",
            "trust": 0.9
          },
          {
            "db": "JVN",
            "id": "JVNVU99817917",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "76936",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "708F317C-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-78975",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78975"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ]
      },
      "id": "VAR-201510-0442",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78975"
          }
        ],
        "trust": 0.03
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:06:44.747000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CX-Programmer",
            "trust": 0.8,
            "url": "https://industrial.omron.us/en/products/catalogue/automation_systems/software/programming/cx-one/default.html"
          },
          {
            "title": "\u3010\u304a\u77e5\u3089\u305b\u3011\u5f0a\u793e\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 CJ\u30b7\u30ea\u30fc\u30ba\u306e\u300cUM\u8aad\u51fa\u30d7\u30ed\u30c6\u30af\u30c8\u6a5f\u80fd\u300d\u306b\u4f7f\u7528\u3057\u3066\u3044\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\u6a5f\u80fd\u306e\u5f37\u5316\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.fa.omron.co.jp/product/special/security_plc/index.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78975"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-274-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1015"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99817917/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1015"
          },
          {
            "trust": 0.3,
            "url": "https://industrial.omron.us/en/home"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-274-01 "
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78975"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78975"
          },
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-09T00:00:00",
            "db": "IVD",
            "id": "708f317c-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78975"
          },
          {
            "date": "2015-10-01T00:00:00",
            "db": "BID",
            "id": "76936"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "date": "2015-10-06T01:59:06.237000",
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78975"
          },
          {
            "date": "2015-10-01T00:00:00",
            "db": "BID",
            "id": "76936"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          },
          {
            "date": "2015-10-06T23:49:39.873000",
            "db": "NVD",
            "id": "CVE-2015-1015"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "76936"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Omron Vulnerabilities in which important information is obtained in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005094"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-030"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-2044

    Vulnerability from variot - Updated: 2023-12-18 11:41

    Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. Listed products: sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h. Several Omron Corporation products, including firmware, contain a vulnerability related to the transmission of sensitive information in plain text. Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2044",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sysmac cj2h",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.5"
          },
          {
            "model": "sysmac cp1l",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.10"
          },
          {
            "model": "sysmac cp1h",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.30"
          },
          {
            "model": "sysmac cj2m",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "2.1"
          },
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.6"
          },
          {
            "model": "cp1w-cif41",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "omron",
            "version": null
          },
          {
            "model": "sysmac cp1e",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.30"
          },
          {
            "model": "sysmac cs1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "4.1"
          },
          {
            "model": "sysmac cp1h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "sysmac cs1",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "sysmac cj2m",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cx-programmer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "sysmac cp1e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "sysmac cj2h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "cp1w-cif41",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "sysmac cp1l",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.1",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.1",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "1.5",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "1.30",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "1.30",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "1.10",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-31204",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-31204",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-31204",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-2692",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. Several Omron Corporation products, including sysmac cs1 firmware, sysmac cj2m firmware, and sysmac cj2h firmware, contain a vulnerability related to the transmission of sensitive information in plain text. Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "db": "VULHUB",
            "id": "VHN-422891"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31204"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-31204",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-179-02",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU97111518",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3140",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022062924",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-422891",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31204",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422891"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ]
      },
      "id": "VAR-202206-2044",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422891"
          }
        ],
        "trust": 0.55
      },
      "last_update_date": "2023-12-18T11:41:26.676000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Omron SYSMAC CS/CJ/CP Series  and  NJ/NX Series Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=203712"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.1
          },
          {
            "problemtype": "Sending important information in clear text (CWE-319) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422891"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
          },
          {
            "trust": 2.5,
            "url": "https://www.forescout.com/blog/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97111518/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31204"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3140"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022062924"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-31204/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422891"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-422891"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-422891"
          },
          {
            "date": "2023-09-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "date": "2022-07-26T22:15:11.317000",
            "db": "NVD",
            "id": "CVE-2022-31204"
          },
          {
            "date": "2022-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-422891"
          },
          {
            "date": "2023-09-13T08:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          },
          {
            "date": "2022-08-04T14:59:59.737000",
            "db": "NVD",
            "id": "CVE-2022-31204"
          },
          {
            "date": "2022-08-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability related to sending sensitive information in plain text in multiple OMRON Corporation products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2692"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0203

    Vulnerability from variot - Updated: 2023-12-18 11:17

    An out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier, which is part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. CX-Programmer, provided by OMRON Corporation, contains multiple vulnerabilities: * Out-of-bounds write (CWE-787) - CVE-2022-21124 * Use after free (CWE-416) - CVE-2022-25230 * Use after free (CWE-416) - CVE-2022-25325 * Out-of-bounds read (CWE-125) - CVE-2022-21219 * Out-of-bounds write (CWE-787) - CVE-2022-25234. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developers.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0203",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "(v4.60)  include  cx-programmer v9.76.1  and earlier"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          }
        ]
      },
      "cve": "CVE-2022-21219",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-415590",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-001384",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-21219",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-001384",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-651",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415590",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Provided by OMRON Corporation  CX-Programmer There are multiple vulnerabilities in. * Out-of-bounds writing  (CWE-787) - CVE-2022-21124 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25230 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25325 \u2025 * Out-of-bounds read  (CWE-125) - CVE-2022-21219 \u2025 * Out-of-bounds writing  (CWE-787) - CVE-2022-25234 The following is the vulnerability information  JPCERT/CC Report to JPCERT/CC Coordinated with the developers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415590"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU90121984",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21219",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-415590",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ]
      },
      "id": "VAR-202203-0203",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415590"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T11:17:52.783000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from OMRON Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90121984/995504/index.html"
          },
          {
            "title": "Omron CX-Programmer Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185152"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu90121984/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu90121984/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21219/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-001384.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415590"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-10T17:45:14.157000",
            "db": "NVD",
            "id": "CVE-2022-21219"
          },
          {
            "date": "2022-03-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415590"
          },
          {
            "date": "2022-03-07T08:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-14T20:32:58.633000",
            "db": "NVD",
            "id": "CVE-2022-21219"
          },
          {
            "date": "2022-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by OMRON \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-651"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0205

    Vulnerability from variot - Updated: 2023-12-18 11:17

    Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier, which is part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. CX-Programmer, provided by OMRON Corporation, contains multiple vulnerabilities: out-of-bounds write (CWE-787) - CVE-2022-21124; use after free (CWE-416) - CVE-2022-25230; use after free (CWE-416) - CVE-2022-25325; out-of-bounds read (CWE-125) - CVE-2022-21219; out-of-bounds write (CWE-787) - CVE-2022-25234. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developers.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0205",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "(v4.60)  include  cx-programmer v9.76.1  and earlier"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          }
        ]
      },
      "cve": "CVE-2022-25234",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-415588",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-001384",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-25234",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-001384",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-650",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415588",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. Provided by OMRON Corporation  CX-Programmer There are multiple vulnerabilities in. * Out-of-bounds writing  (CWE-787) - CVE-2022-21124 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25230 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25325 \u2025 * Out-of-bounds read  (CWE-125) - CVE-2022-21219 \u2025 * Out-of-bounds writing  (CWE-787) - CVE-2022-25234 The following is the vulnerability information  JPCERT/CC Report to JPCERT/CC Coordinated with the developers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415588"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU90121984",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25234",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384",
            "trust": 1.4
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2926",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-415588",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ]
      },
      "id": "VAR-202203-0205",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415588"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T11:17:45.747000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from OMRON Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90121984/995504/index.html"
          },
          {
            "title": "Omron CX-Programmer Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185151"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu90121984/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu90121984/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2926"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25234/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-001384.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415588"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-10T17:47:03.533000",
            "db": "NVD",
            "id": "CVE-2022-25234"
          },
          {
            "date": "2022-03-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415588"
          },
          {
            "date": "2022-03-07T08:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-14T23:41:29.937000",
            "db": "NVD",
            "id": "CVE-2022-25234"
          },
          {
            "date": "2022-06-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by OMRON \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-650"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0204

    Vulnerability from variot - Updated: 2023-12-18 11:05

    Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier, which is part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. CX-Programmer, provided by OMRON Corporation, contains multiple vulnerabilities: out-of-bounds write (CWE-787) - CVE-2022-21124; use of freed memory (use-after-free) (CWE-416) - CVE-2022-25230; use of freed memory (use-after-free) (CWE-416) - CVE-2022-25325; out-of-bounds read (CWE-125) - CVE-2022-21219; out-of-bounds write (CWE-787) - CVE-2022-25234. This vulnerability information was reported to JPCERT/CC, which coordinated with the developers.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0204",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "(v4.60)  include  cx-programmer v9.76.1  and earlier"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          }
        ]
      },
      "cve": "CVE-2022-21124",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-415591",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-001384",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-21124",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-001384",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-654",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415591",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. Provided by OMRON Corporation  CX-Programmer There are multiple vulnerabilities in. * Out-of-bounds writing  (CWE-787) - CVE-2022-21124 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25230 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25325 \u2025 * Out-of-bounds read  (CWE-125) - CVE-2022-21219 \u2025 * Out-of-bounds writing  (CWE-787) - CVE-2022-25234 The following is the vulnerability information  JPCERT/CC Report to JPCERT/CC Coordinated with the developers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415591"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU90121984",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21124",
            "trust": 2.5
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/06/16/1",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/06/14/4",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384",
            "trust": 1.4
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2926",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-654",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-415591",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ]
      },
      "id": "VAR-202203-0204",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415591"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T11:05:36.888000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from OMRON Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90121984/995504/index.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://xenbits.xen.org/xsa/advisory-404.html"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu90121984/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/06/14/4"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu90121984/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21124/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2926"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-001384.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21124"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415591"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-10T17:45:08.070000",
            "db": "NVD",
            "id": "CVE-2022-21124"
          },
          {
            "date": "2022-03-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415591"
          },
          {
            "date": "2022-03-07T08:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-06-16T18:15:09.797000",
            "db": "NVD",
            "id": "CVE-2022-21124"
          },
          {
            "date": "2022-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by OMRON \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-654"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0201

    Vulnerability from variot - Updated: 2023-12-18 11:02

    Use-after-free vulnerability in CX-Programmer v9.76.1 and earlier, which is part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. CX-Programmer, provided by OMRON Corporation, contains multiple vulnerabilities: out-of-bounds write (CWE-787) - CVE-2022-21124; use of freed memory (use-after-free) (CWE-416) - CVE-2022-25230; use of freed memory (use-after-free) (CWE-416) - CVE-2022-25325; out-of-bounds read (CWE-125) - CVE-2022-21219; out-of-bounds write (CWE-787) - CVE-2022-25234. This vulnerability information was reported to JPCERT/CC, which coordinated with the developers.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0201",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "(v4.60)  include  cx-programmer v9.76.1  and earlier"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          }
        ]
      },
      "cve": "CVE-2022-25230",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-415589",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-001384",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-25230",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-001384",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-653",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415589",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. Provided by OMRON Corporation  CX-Programmer There are multiple vulnerabilities in. * Out-of-bounds writing  (CWE-787) - CVE-2022-21124 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25230 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25325 \u2025 * Out-of-bounds read  (CWE-125) - CVE-2022-21219 \u2025 * Out-of-bounds writing  (CWE-787) - CVE-2022-25234 The following is the vulnerability information  JPCERT/CC Report to JPCERT/CC Coordinated with the developers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415589"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU90121984",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25230",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-415589",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ]
      },
      "id": "VAR-202203-0201",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415589"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T11:02:44.382000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from OMRON Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90121984/995504/index.html"
          },
          {
            "title": "Omron CX-Programmer Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185154"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu90121984/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu90121984/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-001384.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25230/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25230"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415589"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-10T17:47:03.177000",
            "db": "NVD",
            "id": "CVE-2022-25230"
          },
          {
            "date": "2022-03-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415589"
          },
          {
            "date": "2022-03-07T08:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-14T23:44:15.997000",
            "db": "NVD",
            "id": "CVE-2022-25230"
          },
          {
            "date": "2022-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by OMRON \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-653"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0202

    Vulnerability from variot - Updated: 2023-12-18 10:48

    A use-after-free vulnerability in CX-Programmer v9.76.1 and earlier, which is part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. CX-Programmer, provided by OMRON Corporation, contains multiple vulnerabilities: * Out-of-bounds write (CWE-787) - CVE-2022-21124; * Use after free (CWE-416) - CVE-2022-25230; * Use after free (CWE-416) - CVE-2022-25325; * Out-of-bounds read (CWE-125) - CVE-2022-21219; * Out-of-bounds write (CWE-787) - CVE-2022-25234. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0202",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cx-programmer",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "9.77"
          },
          {
            "model": "cx-one",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": "(v4.60)  include  cx-programmer v9.76.1  and earlier"
          },
          {
            "model": "cx-one",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.77",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          }
        ]
      },
      "cve": "CVE-2022-25325",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-415587",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-001384",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-25325",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-001384",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-652",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-415587",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. Provided by OMRON Corporation  CX-Programmer There are multiple vulnerabilities in. * Out-of-bounds writing  (CWE-787) - CVE-2022-21124 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25230 \u2025 * Use of freed memory  (Use-after-free) (CWE-416) - CVE-2022-25325 \u2025 * Out-of-bounds read  (CWE-125) - CVE-2022-21219 \u2025 * Out-of-bounds writing  (CWE-787) - CVE-2022-25234 The following is the vulnerability information  JPCERT/CC Report to JPCERT/CC Coordinated with the developers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "VULHUB",
            "id": "VHN-415587"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU90121984",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25325",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-415587",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ]
      },
      "id": "VAR-202203-0202",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415587"
          }
        ],
        "trust": 0.63087795
      },
      "last_update_date": "2023-12-18T10:48:26.074000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information from OMRON Corporation",
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90121984/995504/index.html"
          },
          {
            "title": "Omron CX-Programmer Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185153"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use of freed memory (CWE-416) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu90121984/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu90121984/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25325/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-001384.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-415587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-415587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25325"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415587"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-10T17:47:07.817000",
            "db": "NVD",
            "id": "CVE-2022-25325"
          },
          {
            "date": "2022-03-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-415587"
          },
          {
            "date": "2022-03-07T08:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          },
          {
            "date": "2022-03-14T23:44:43.603000",
            "db": "NVD",
            "id": "CVE-2022-25325"
          },
          {
            "date": "2022-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in CX-Programmer made by OMRON",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001384"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-652"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-22277 (GCVE-0-2023-22277)

    Vulnerability from cvelistv5 – Published: 2023-08-03 13:05 – Updated: 2024-10-17 14:21
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:21:26.727465Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:21:36.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:05:45.204Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22277",
        "datePublished": "2023-08-03T13:05:45.204Z",
        "dateReserved": "2022-12-27T15:57:55.077Z",
        "dateUpdated": "2024-10-17T14:21:36.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22314 (GCVE-0-2023-22314)

    Vulnerability from cvelistv5 – Published: 2023-08-03 12:59 – Updated: 2024-10-17 14:27
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:27:26.735010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:27:35.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:08:22.396Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22314",
        "datePublished": "2023-08-03T12:59:07.012Z",
        "dateReserved": "2022-12-27T15:57:55.088Z",
        "dateUpdated": "2024-10-17T14:27:35.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22317 (GCVE-0-2023-22317)

    Vulnerability from cvelistv5 – Published: 2023-08-03 12:56 – Updated: 2024-10-17 15:34
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:33:38.630665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:34:00.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:07:10.073Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22317",
        "datePublished": "2023-08-03T12:56:14.503Z",
        "dateReserved": "2022-12-27T15:57:55.084Z",
        "dateUpdated": "2024-10-17T15:34:00.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38748 (GCVE-0-2023-38748)

    Vulnerability from cvelistv5 – Published: 2023-08-03 05:09 – Updated: 2024-10-17 15:44
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:44:38.294238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:44:46.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T05:09:16.186Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38748",
        "datePublished": "2023-08-03T05:09:16.186Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-17T15:44:46.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22277 (GCVE-0-2023-22277)

    Vulnerability from nvd – Published: 2023-08-03 13:05 – Updated: 2024-10-17 14:21
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:21:26.727465Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:21:36.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:05:45.204Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22277",
        "datePublished": "2023-08-03T13:05:45.204Z",
        "dateReserved": "2022-12-27T15:57:55.077Z",
        "dateUpdated": "2024-10-17T14:21:36.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22314 (GCVE-0-2023-22314)

    Vulnerability from nvd – Published: 2023-08-03 12:59 – Updated: 2024-10-17 14:27
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:27:26.735010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:27:35.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:08:22.396Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22314",
        "datePublished": "2023-08-03T12:59:07.012Z",
        "dateReserved": "2022-12-27T15:57:55.088Z",
        "dateUpdated": "2024-10-17T14:27:35.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22317 (GCVE-0-2023-22317)

    Vulnerability from nvd – Published: 2023-08-03 12:56 – Updated: 2024-10-17 15:34
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:33:38.630665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:34:00.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:07:10.073Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22317",
        "datePublished": "2023-08-03T12:56:14.503Z",
        "dateReserved": "2022-12-27T15:57:55.084Z",
        "dateUpdated": "2024-10-17T15:34:00.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38748 (GCVE-0-2023-38748)

    Vulnerability from nvd – Published: 2023-08-03 05:09 – Updated: 2024-10-17 15:44
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:44:38.294238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:44:46.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T05:09:16.186Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38748",
        "datePublished": "2023-08-03T05:09:16.186Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-17T15:44:46.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }