Search criteria
76 vulnerabilities by Omron
CVE-2022-45792 (GCVE-0-2022-45792)
Vulnerability from cvelistv5 – Published: 2024-01-22 17:46 – Updated: 2025-06-17 21:19
VLAI?
Summary
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.
Severity ?
7.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | Sysmac Studio |
Affected:
0 , < 1.54.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-30T18:36:27.204028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:25.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86",
"64 bit"
],
"product": "Sysmac Studio",
"vendor": "Omron",
"versions": [
{
"lessThan": "1.54.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
}
],
"value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T17:46:36.699Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Directory Traversal in Project File Format allows overwrite (Zip Slip)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2022-45792",
"datePublished": "2024-01-22T17:46:36.699Z",
"dateReserved": "2022-11-22T17:52:43.198Z",
"dateUpdated": "2025-06-17T21:19:25.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45790 (GCVE-0-2022-45790)
Vulnerability from cvelistv5 – Published: 2024-01-22 17:22 – Updated: 2024-11-13 16:53
VLAI?
Summary
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
Severity ?
8.6 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | CJ-series and CS-series CPU modules |
Affected:
CJ2H 0.0 , < 1.5
(custom)
Affected: CJ2M 0.0 , < 2.1 (custom) Affected: CJ1G 0.0 , < 4.1 (custom) Affected: CS1H 0.0 , < 4.1 (custom) Affected: CS1G 0.0 , < 4.1 (custom) Affected: CS1D-H 0.0 , < 1.4 (custom) Affected: CP1E-E 0.0 , < 1.3 (custom) Affected: CP1E-N 0.0 , < 1.3 (custom) Affected: CS1D-P 0.0 , < 1.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-25T20:23:52.957365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T16:53:38.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CJ-series and CS-series CPU modules",
"vendor": "Omron",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "CJ2H 0.0",
"versionType": "custom"
},
{
"lessThan": "2.1",
"status": "affected",
"version": "CJ2M 0.0",
"versionType": "custom"
},
{
"lessThan": "4.1",
"status": "affected",
"version": "CJ1G 0.0",
"versionType": "custom"
},
{
"lessThan": "4.1",
"status": "affected",
"version": "CS1H 0.0",
"versionType": "custom"
},
{
"lessThan": "4.1",
"status": "affected",
"version": "CS1G 0.0",
"versionType": "custom"
},
{
"lessThan": "1.4",
"status": "affected",
"version": "CS1D-H 0.0",
"versionType": "custom"
},
{
"lessThan": "1.3",
"status": "affected",
"version": "CP1E-E 0.0",
"versionType": "custom"
},
{
"lessThan": "1.3",
"status": "affected",
"version": "CP1E-N 0.0",
"versionType": "custom"
},
{
"lessThan": "1.4",
"status": "affected",
"version": "CS1D-P 0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic."
}
],
"value": "The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic."
}
],
"impacts": [
{
"capecId": "CAPEC-629",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-629 Unauthorized Use of Device Resources"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T17:22:14.476Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05"
},
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf"
},
{
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Omron FINS memory protection susceptible to bruteforce",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2022-45790",
"datePublished": "2024-01-22T17:22:14.476Z",
"dateReserved": "2022-11-22T17:52:43.198Z",
"dateUpdated": "2024-11-13T16:53:38.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45794 (GCVE-0-2022-45794)
Vulnerability from cvelistv5 – Published: 2024-01-10 22:56 – Updated: 2025-05-22 15:46
VLAI?
Summary
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.
Severity ?
8.6 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | CJ-series and CS-series CPU modules |
Affected:
0
|
Credits
Reid Wightman of Dragos, Inc.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T18:20:27.535175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:46:32.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "CJ-series and CS-series CPU modules",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.\u003cbr\u003e"
}
],
"value": "An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T16:39:10.643Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf"
},
{
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Omron CJ-series and CS-series unauthenticated filesystem access.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2022-45794",
"datePublished": "2024-01-10T22:56:58.836Z",
"dateReserved": "2022-11-22T17:52:43.199Z",
"dateUpdated": "2025-05-22T15:46:32.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45793 (GCVE-0-2022-45793)
Vulnerability from cvelistv5 – Published: 2024-01-10 20:49 – Updated: 2025-04-17 15:42
VLAI?
Summary
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.
Severity ?
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | Sysmac Studio |
Affected:
0 , ≤ 1.54.0
(custom)
|
Credits
Reid Wightman of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T19:43:03.624295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:42:42.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit",
"32 bit"
],
"product": "Sysmac Studio",
"vendor": "Omron",
"versions": [
{
"lessThanOrEqual": "1.54.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
}
],
"value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
}
],
"impacts": [
{
"capecId": "CAPEC-558",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-558 Replace Trusted Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T16:32:24.144Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
},
{
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
},
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Executable files writable by low-privileged users in Omron Sysmac Studio",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2022-45793",
"datePublished": "2024-01-10T20:49:36.082Z",
"dateReserved": "2022-11-22T17:52:43.199Z",
"dateUpdated": "2025-04-17T15:42:42.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22277 (GCVE-0-2023-22277)
Vulnerability from cvelistv5 – Published: 2023-08-03 13:05 – Updated: 2024-10-17 14:21
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:21:26.727465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:21:36.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:05:45.204Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22277",
"datePublished": "2023-08-03T13:05:45.204Z",
"dateReserved": "2022-12-27T15:57:55.077Z",
"dateUpdated": "2024-10-17T14:21:36.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22314 (GCVE-0-2023-22314)
Vulnerability from cvelistv5 – Published: 2023-08-03 12:59 – Updated: 2024-10-17 14:27
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:27:26.735010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:27:35.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:08:22.396Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22314",
"datePublished": "2023-08-03T12:59:07.012Z",
"dateReserved": "2022-12-27T15:57:55.088Z",
"dateUpdated": "2024-10-17T14:27:35.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22317 (GCVE-0-2023-22317)
Vulnerability from cvelistv5 – Published: 2023-08-03 12:56 – Updated: 2024-10-17 15:34
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:33:38.630665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:34:00.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:07:10.073Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22317",
"datePublished": "2023-08-03T12:56:14.503Z",
"dateReserved": "2022-12-27T15:57:55.084Z",
"dateUpdated": "2024-10-17T15:34:00.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38748 (GCVE-0-2023-38748)
Vulnerability from cvelistv5 – Published: 2023-08-03 05:09 – Updated: 2024-10-17 15:44
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:44:38.294238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:44:46.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T05:09:16.186Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38748",
"datePublished": "2023-08-03T05:09:16.186Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-17T15:44:46.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38747 (GCVE-0-2023-38747)
Vulnerability from cvelistv5 – Published: 2023-08-03 05:00 – Updated: 2024-10-21 19:34
VLAI?
Summary
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:33:15.295856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:34:50.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T05:00:34.672Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38747",
"datePublished": "2023-08-03T05:00:34.672Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-21T19:34:50.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38746 (GCVE-0-2023-38746)
Vulnerability from cvelistv5 – Published: 2023-08-03 04:58 – Updated: 2024-10-17 15:03
VLAI?
Summary
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:02:40.370304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:03:39.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T04:58:30.228Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38746",
"datePublished": "2023-08-03T04:58:30.228Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-17T15:03:39.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27385 (GCVE-0-2023-27385)
Vulnerability from cvelistv5 – Published: 2023-05-10 00:00 – Updated: 2025-01-28 14:23
VLAI?
Summary
Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.
Severity ?
7.8 (High)
CWE
- Buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Drive All models |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-004_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97372625/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:23:03.703347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:23:09.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Drive All models",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.\r\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T10:54:24.555Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-004_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97372625/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27385",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-28T14:23:09.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0811 (GCVE-0-2023-0811)
Vulnerability from cvelistv5 – Published: 2023-03-16 17:41 – Updated: 2025-01-16 21:42
VLAI?
Summary
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
Severity ?
9.1 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
Credits
Sam Hanson of Dragos reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:56:16.921497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:42:32.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "CJ2H-CPU6 \u25a1 -EIP",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CJ2H-CPU6 \u25a1",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CJ2M-CPU \u25a1 \u25a1",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CJ1G-CPU \u25a1 \u25a1 P",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1H-CPU \u25a1 \u25a1 H",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1G-CPU \u25a1 \u25a1 H",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 HA",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 H",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 SA",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 S",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 P",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP2E-E \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP2E-S \u25a1 \u25a1 D \u25a1- \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP2E-N \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1H-X40D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1H-XA40D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1H-Y20DT-D",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-EL20D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-EM \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-L \u25a1 \u25a1 D \u25a1- \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-M \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1E-E \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1E-NA \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos reported these vulnerabilities to CISA. "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOmron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. \u003c/span\u003e\n\n"
}
],
"value": "\nOmron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T17:45:14.919Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01"
},
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eOMRON has released the following countermeasures for users to implement: \u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit) \u003c/li\u003e\u003cli\u003eSet UM read protection password and \u201cProhibit from overwriting to a protected program \u201coption. \u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures: \u003c/p\u003e\u003cp\u003eSecurity measures to prevent unauthorized access: \u003c/p\u003e\u003cul\u003e\u003cli\u003eIf the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. \u003cul\u003e\u003cli\u003eEnable the FINS write protection function. \u003c/li\u003e\u003cli\u003eSelect the Protect by IP Address \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eMinimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them. \u0026nbsp;\u003c/li\u003e\u003cli\u003eImplement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network. \u003c/li\u003e\u003cli\u003eUse a virtual private network (VPN) for remote access to control systems and equipment. \u003c/li\u003e\u003cli\u003eUse strong passwords and change them frequently. \u003c/li\u003e\u003cli\u003eInstall physical controls so that only authorized personnel can access control systems and equipment. \u003c/li\u003e\u003cli\u003eScan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. \u003c/li\u003e\u003cli\u003eEnforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. \u003c/li\u003e\u003cli\u003eAnti-virus protection \u003cul\u003e\u003cli\u003eProtect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eData input and output protection \u003cul\u003e\u003cli\u003eValidation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eData recovery \u003cul\u003e\u003cli\u003ePeriodical data backup and maintenance to prepare for data loss. \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see Omron\u2019s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf\"\u003eSecurity Advisory\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOMRON has released the following countermeasures for users to implement: \n\n * Enable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit) \n * Set UM read protection password and \u201cProhibit from overwriting to a protected program \u201coption. \n\n\nIf the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures: \n\nSecurity measures to prevent unauthorized access: \n\n * If the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. * Enable the FINS write protection function. \n * Select the Protect by IP Address \n\n\n\n * Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them. \u00a0\n * Implement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network. \n * Use a virtual private network (VPN) for remote access to control systems and equipment. \n * Use strong passwords and change them frequently. \n * Install physical controls so that only authorized personnel can access control systems and equipment. \n * Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. \n * Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. \n * Anti-virus protection * Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. \n\n\n\n * Data input and output protection * Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. \n\n\n\n * Data recovery * Periodical data backup and maintenance to prepare for data loss. \n\n\n\n\n\nFor more information, see Omron\u2019s Security Advisory https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf .\n\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0811",
"datePublished": "2023-03-16T17:41:25.525Z",
"dateReserved": "2023-02-13T15:41:55.590Z",
"dateUpdated": "2025-01-16T21:42:32.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22322 (GCVE-0-2023-22322)
Vulnerability from cvelistv5 – Published: 2023-01-30 00:00 – Updated: 2025-03-27 20:17
VLAI?
Summary
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed.
Severity ?
5.5 (Medium)
CWE
- XML external entities (XXE)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Motion Pro |
Affected:
1.4.6.013 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94200979/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T20:16:36.548819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:17:03.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Motion Pro",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "1.4.6.013 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU94200979/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22322",
"datePublished": "2023-01-30T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-27T20:17:03.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46282 (GCVE-0-2022-46282)
Vulnerability from cvelistv5 – Published: 2022-12-21 00:00 – Updated: 2025-04-16 16:04
VLAI?
Summary
Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,
Severity ?
7.8 (High)
CWE
- Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Drive |
Affected:
V3.00 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:44.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92689335/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T16:03:50.064948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:04:18.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Drive",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92689335/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-46282",
"datePublished": "2022-12-21T00:00:00.000Z",
"dateReserved": "2022-12-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:04:18.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43667 (GCVE-0-2022-43667)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:09
VLAI?
Summary
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:05.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:08:22.472874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:09:01.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43667",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:09:01.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43509 (GCVE-0-2022-43509)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:18
VLAI?
Summary
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:17:47.602031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:18:24.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43509",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:18:24.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43508 (GCVE-0-2022-43508)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:46
VLAI?
Summary
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Use-after-free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:44:19.369346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:46:05.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43508",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:46:05.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3396 (GCVE-0-2022-3396)
Vulnerability from cvelistv5 – Published: 2022-10-06 16:14 – Updated: 2025-04-16 17:46
VLAI?
Summary
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON | CX-Programmer |
Affected:
unspecified , ≤ 9.78
(custom)
|
Credits
Xina1i, working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:02.234131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:46:43.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON",
"versions": [
{
"lessThanOrEqual": "9.78",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-06T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron has released an update through their Auto Update Service to fix the reported issues. Omron recommends updating to the latest version: Omron CX-Programmer v9.79\n\nFor more information, users should see the Omron release note."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OMRON CX-Programmer Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3396",
"datePublished": "2022-10-06T16:14:45.632Z",
"dateReserved": "2022-10-03T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:46:43.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3398 (GCVE-0-2022-3398)
Vulnerability from cvelistv5 – Published: 2022-10-06 16:14 – Updated: 2025-04-16 17:46
VLAI?
Summary
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON | CX-Programmer |
Affected:
unspecified , ≤ 9.78
(custom)
|
Credits
Xina1i, working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:04.953032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:46:52.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON",
"versions": [
{
"lessThanOrEqual": "9.78",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-06T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron has released an update through their Auto Update Service to fix the reported issues. Omron recommends updating to the latest version: Omron CX-Programmer v9.79\n\nFor more information, users should see the Omron release note."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OMRON CX-Programmer Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3398",
"datePublished": "2022-10-06T16:14:42.036Z",
"dateReserved": "2022-10-03T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:46:52.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3397 (GCVE-0-2022-3397)
Vulnerability from cvelistv5 – Published: 2022-10-06 16:14 – Updated: 2025-04-16 17:47
VLAI?
Summary
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON | CX-Programmer |
Affected:
unspecified , ≤ 9.78
(custom)
|
Credits
Xina1i, working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:07.586630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:47:06.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON",
"versions": [
{
"lessThanOrEqual": "9.78",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-06T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron has released an update through their Auto Update Service to fix the reported issues. Omron recommends updating to the latest version: Omron CX-Programmer v9.79\n\nFor more information, users should see the Omron release note."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OMRON CX-Programmer Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3397",
"datePublished": "2022-10-06T16:14:37.846Z",
"dateReserved": "2022-10-03T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:47:06.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2979 (GCVE-0-2022-2979)
Vulnerability from cvelistv5 – Published: 2022-09-12 19:24 – Updated: 2025-04-16 17:47
VLAI?
Summary
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | CX-Programmer |
Affected:
All , < v9.78
(custom)
|
Credits
xina1i, working with Trend Micro’s Zero Day Initiative, reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:19.497671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:47:50.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "Omron",
"versions": [
{
"lessThan": "v9.78",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported this vulnerability to CISA."
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T19:24:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron recommends updating to the latest version:\n\nOmron CX-Programmer: Update to v9.78\nShould assistance be needed for the update process, users should contact Omron. \n\nOmron provides additional mitigations to reduce the risk:\n\nUse antivirus protection by protecting any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade antivirus software protection.\nUse strong passwords and change them frequently.\nInstall physical controls, allowing only authorized personnel access to control systems and equipment.\nPerform virus scans to ensure safety of any USB drives or similar devices before connecting to systems and devices.\nEnforce multifactor authentication on all devices with remote access to control systems and equipment whenever possible.\nPerform validation processing, such as backup and range checks, to cope with unintentional modification of input/output data to control systems and devices.\nPerform periodic data backup and maintenance to prepare for data loss."
}
],
"source": {
"advisory": "ICSA-22-242-09",
"discovery": "EXTERNAL"
},
"title": "Omron CX-Programmer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-30T17:00:00.000Z",
"ID": "CVE-2022-2979",
"STATE": "PUBLIC",
"TITLE": "Omron CX-Programmer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.78"
}
]
}
}
]
},
"vendor_name": "Omron"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09"
}
]
},
"solution": [
{
"lang": "en",
"value": "Omron recommends updating to the latest version:\n\nOmron CX-Programmer: Update to v9.78\nShould assistance be needed for the update process, users should contact Omron. \n\nOmron provides additional mitigations to reduce the risk:\n\nUse antivirus protection by protecting any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade antivirus software protection.\nUse strong passwords and change them frequently.\nInstall physical controls, allowing only authorized personnel access to control systems and equipment.\nPerform virus scans to ensure safety of any USB drives or similar devices before connecting to systems and devices.\nEnforce multifactor authentication on all devices with remote access to control systems and equipment whenever possible.\nPerform validation processing, such as backup and range checks, to cope with unintentional modification of input/output data to control systems and devices.\nPerform periodic data backup and maintenance to prepare for data loss."
}
],
"source": {
"advisory": "ICSA-22-242-09",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2979",
"datePublished": "2022-09-12T19:24:03.386Z",
"dateReserved": "2022-08-24T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:47:50.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31204 (GCVE-0-2022-31204)
Vulnerability from cvelistv5 – Published: 2022-07-26 21:28 – Updated: 2024-08-03 07:11
VLAI?
Summary
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.forescout.com/blog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-26T21:28:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.forescout.com/blog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.forescout.com/blog/",
"refsource": "MISC",
"url": "https://www.forescout.com/blog/"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31204",
"datePublished": "2022-07-26T21:28:29",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26419 (GCVE-0-2022-26419)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2025-04-16 17:57
VLAI?
Summary
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | CX-Position |
Affected:
unspecified , ≤ 2.5.3
(custom)
|
Credits
xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:30:14.434621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:57:14.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Position",
"vendor": "Omron",
"versions": [
{
"lessThanOrEqual": "2.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T15:06:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Designer Code Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-03-29T19:11:00.000Z",
"ID": "CVE-2022-26419",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation Studio 5000 Logix Designer Code Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Position",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.3"
}
]
}
}
]
},
"vendor_name": "Omron"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-26419",
"datePublished": "2022-04-01T22:17:56.304Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:57:14.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26022 (GCVE-0-2022-26022)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2025-04-16 17:57
VLAI?
Summary
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | CX-Position |
Affected:
unspecified , ≤ 2.5.3
(custom)
|
Credits
xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-581/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:30:17.037995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:57:23.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Position",
"vendor": "Omron",
"versions": [
{
"lessThanOrEqual": "2.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T15:06:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-581/"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Designer Out-of-Bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-03-29T19:11:00.000Z",
"ID": "CVE-2022-26022",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation Studio 5000 Logix Designer Out-of-Bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Position",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.3"
}
]
}
}
]
},
"vendor_name": "Omron"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-581/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-581/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-26022",
"datePublished": "2022-04-01T22:17:55.227Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:57:23.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25959 (GCVE-0-2022-25959)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2025-04-16 17:57
VLAI?
Summary
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | CX-Position |
Affected:
unspecified , ≤ 2.5.3
(custom)
|
Credits
xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:30:23.242858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:57:41.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Position",
"vendor": "Omron",
"versions": [
{
"lessThanOrEqual": "2.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T15:06:08.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-03-29T19:11:00.000Z",
"ID": "CVE-2022-25959",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Position",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.3"
}
]
}
}
]
},
"vendor_name": "Omron"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-25959",
"datePublished": "2022-04-01T22:17:53.047Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:57:41.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26417 (GCVE-0-2022-26417)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2025-04-16 17:57
VLAI?
Summary
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omron | CX-Position |
Affected:
unspecified , ≤ 2.5.3
(custom)
|
Credits
xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-578/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:30:20.339620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:57:32.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Position",
"vendor": "Omron",
"versions": [
{
"lessThanOrEqual": "2.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T15:06:07.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-578/"
}
],
"solutions": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Designer Use After Free",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-03-29T19:11:00.000Z",
"ID": "CVE-2022-26417",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation Studio 5000 Logix Designer Use After Free"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Position",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.3"
}
]
}
}
]
},
"vendor_name": "Omron"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-578/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-578/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
}
],
"source": {
"advisory": "ICSA-22-088-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-26417",
"datePublished": "2022-04-01T22:17:53.991Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:57:32.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25325 (GCVE-0-2022-25325)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25325",
"datePublished": "2022-03-07T09:00:43",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25234 (GCVE-0-2022-25234)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25234",
"datePublished": "2022-03-07T09:00:41",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25230 (GCVE-0-2022-25230)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:40",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25230",
"datePublished": "2022-03-07T09:00:40",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21219 (GCVE-0-2022-21219)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
VLAI?
Summary
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21219",
"datePublished": "2022-03-07T09:00:38",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}