cvelistv5 - CVE-2022-43509

CVE-2022-43509 (GCVE-0-2022-43509)

Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:18

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Out-of-bounds Write

Assigner

jpcert

References

URL

	Vendor	Product	Version
	OMRON Corporation	CX-Programmer	Affected: v.9.77 and earlier

GHSA-3C7V-3XG2-5HHF

Vulnerability from github – Published: 2022-12-07 06:30 – Updated: 2022-12-09 03:30

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-07T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.",
  "id": "GHSA-3c7v-3xg2-5hhf",
  "modified": "2022-12-09T03:30:25Z",
  "published": "2022-12-07T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43509"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-22-356-04

Vulnerability from csaf_cisa - Published: 2022-12-22 00:00 - Updated: 2022-12-22 00:00

Summary

Omron CX-Programmer

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow arbitrary code execution or loss of sensitive information if a user opens a specially crafted CX-P file.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Exploitability

This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Xinali"
        ],
        "organization": "Trend Mircos Zero Day Initiative",
        "summary": "reporting this vulnerability to CISA"
      },
      {
        "names": [
          "Michael Heinzl"
        ],
        "summary": "reporting this vulnerability to JPCERT/CC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow arbitrary code execution or loss of sensitive information if a user opens a specially crafted CX-P file.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": " Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": " Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": " Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "This vulnerability is not exploitable remotely.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-356-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-356-04.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-356-04 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "Omron CX-Programmer",
    "tracking": {
      "current_release_date": "2022-12-22T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-22-356-04",
      "initial_release_date": "2022-12-22T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-12-22T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 9.78",
                "product": {
                  "name": "CX-Programmer: CX-Programmer: Versions 9.78 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CX-Programmer"
          }
        ],
        "category": "vendor",
        "name": "Omron"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-43509",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "CX-Programmer is vulnerable to a Out-of-bounds Write when a user opens a specially crafted CXP file. This could cause a loss of sensitive information or arbitrary code execution.CVE-2022-43509 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43509"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Omron released an update via \u201cAuto Update Service\u201d to fix the reported issues. Omron recommends updating to Omron CX-Programmer v9.79",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, see the Omron release notes.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.ia.omron.com/product/tool/26/cxone/e4_doc.html?_ga=2.122882383.558156545.1661312515-1562293325.1567412774#cx_programmer"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2022-43509

Vulnerability from fkie_nvd - Published: 2022-12-07 04:15 - Updated: 2025-04-23 15:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU92877622/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://jvn.jp/vu/JVNVU92877622/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU92877622/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU92877622/index.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	omron	cx-programmer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33316F8C-8E52-4951-9ECF-8715BD248E84",
              "versionEndIncluding": "9.77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en CX-Programmer v.9.77 y versiones anteriores, que puede provocar la divulgaci\u00f3n de informaci\u00f3n y/o la ejecuci\u00f3n de c\u00f3digo arbitrario al pedirle a un usuario que abra un archivo CXP especialmente manipulado."
    }
  ],
  "id": "CVE-2022-43509",
  "lastModified": "2025-04-23T15:15:52.810",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-07T04:15:10.850",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2022-43509

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-43509

Aliases

CVE-2022-43509

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43509",
    "id": "GSD-2022-43509"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43509"
      ],
      "details": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.",
      "id": "GSD-2022-43509",
      "modified": "2023-12-13T01:19:31.628821Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2022-43509",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "CX-Programmer",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "v.9.77 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "OMRON Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jvn.jp/en/vu/JVNVU92877622/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU92877622/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.77",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-43509"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/vu/JVNVU92877622/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
            },
            {
              "name": "https://jvn.jp/en/vu/JVNVU92877622/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-12-09T01:27Z",
      "publishedDate": "2022-12-07T04:15Z"
    }
  }
}

VAR-202211-1695

Vulnerability from variot - Updated: 2024-04-27 11:57

Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Provided by Omron Corporation CX-Programmer contains multiple vulnerabilities: * Use of freed memory ( Use-after-free )( CWE-416 ) - CVE-2022-43508 , CVE-2023-22277 , CVE-2023-22317 , CVE-2023-22314 It was * out-of-bounds write ( CWE-787 ) - CVE-2022-43509 It was * stack-based buffer overflow ( CWE-121 ) - CVE-2022-43667 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1695",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cx-programmer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "9.77"
      },
      {
        "model": "cx-programmer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": "ver.9.77  and earlier  - cve-2022-43508"
      },
      {
        "model": "cx-programmer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "cx-programmer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": "ver.9.79  and earlier  - cve-2023-22277 , cve-2023-22317 , cve-2023-22314"
      },
      {
        "model": "cx-programmer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": "ver.9.78  and earlier  - cve-2022-43509 , cve-2022-43667"
      },
      {
        "model": "cx-one",
        "scope": null,
        "trust": 0.7,
        "vendor": "omron",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.77",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xina1i",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-43509",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002765",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-43509",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-43509",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-002765",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-43509",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202211-3542",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Provided by Omron Corporation CX-Programmer contains multiple vulnerabilities: * Use of freed memory ( Use-after-free )( CWE-416 ) - CVE-2022-43508 , CVE-2023-22277 , CVE-2023-22317 , CVE-2023-22314 It was * out-of-bounds write ( CWE-787 ) - CVE-2022-43509 It was * stack-based buffer overflow ( CWE-121 ) - CVE-2022-43667 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-440561"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-43509",
        "trust": 4.0
      },
      {
        "db": "JVN",
        "id": "JVNVU92877622",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-356-04",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765",
        "trust": 1.4
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-15484",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-634",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6664",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-440561",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-440561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "id": "VAR-202211-1695",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-440561"
      }
    ],
    "trust": 0.63087795
  },
  "last_update_date": "2024-04-27T11:57:39.661000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Information from Omron Corporation",
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92877622/995504/index.html"
      },
      {
        "title": "Omron has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04"
      },
      {
        "title": "Omron CX-Programmer Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216966"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Use of freed memory (CWE-416) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-440561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/vu/jvnvu92877622/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://jvn.jp/en/vu/jvnvu92877622/index.html"
      },
      {
        "trust": 1.5,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43508"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43509"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43667"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22277"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22314"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22317"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-356-04"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-43509/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6664"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002765.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-440561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-440561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "date": "2022-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-440561"
      },
      {
        "date": "2022-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "date": "2022-11-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      },
      {
        "date": "2022-12-07T04:15:10.850000",
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-634"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-440561"
      },
      {
        "date": "2024-04-05T09:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      },
      {
        "date": "2022-12-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      },
      {
        "date": "2022-12-09T01:27:25.850000",
        "db": "NVD",
        "id": "CVE-2022-43509"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Omron \u00a0CX-Programmer\u00a0 Multiple vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002765"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3542"
      }
    ],
    "trust": 0.6
  }
}

JVNDB-2022-002765

Vulnerability from jvndb - Published: 2022-11-28 15:40 - Updated:2024-04-05 18:15

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in OMRON CX-Programmer

Details

CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below. * Use-after-free (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314 * Out-of-bounds Write (CWE-787) - CVE-2022-43509 * Stack-based Buffer Overflow (CWE-121) - CVE-2022-43667 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU92877622/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43508
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43509
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43667
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-22277
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-22314
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-22317
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43508
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43509
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43667
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-22277
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-22314
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-22317
	IPA SECURITY ALERTS	https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04
	Stack-based Buffer Overflow(CWE-121)	https://cwe.mitre.org/data/definitions/121.html
	Use After Free(CWE-416)	https://cwe.mitre.org/data/definitions/416.html
	Out-of-bounds Write(CWE-787)	https://cwe.mitre.org/data/definitions/787.html

Impacted products

Vendor

Product

OMRON Corporation

CX-Programmer

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002765.html",
  "dc:date": "2024-04-05T18:15+09:00",
  "dcterms:issued": "2022-11-28T15:40+09:00",
  "dcterms:modified": "2024-04-05T18:15+09:00",
  "description": "CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below.\r\n\r\n  * Use-after-free (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314\r\n  * Out-of-bounds Write (CWE-787) - CVE-2022-43509\r\n  * Stack-based Buffer Overflow (CWE-121) - CVE-2022-43667\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002765.html",
  "sec:cpe": {
    "#text": "cpe:/a:omron:cx-programmer",
    "@product": "CX-Programmer",
    "@vendor": "OMRON Corporation",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002765",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92877622/index.html",
      "@id": "JVNVU#92877622",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43508",
      "@id": "CVE-2022-43508",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43509",
      "@id": "CVE-2022-43509",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43667",
      "@id": "CVE-2022-43667",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22277",
      "@id": "CVE-2023-22277",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22314",
      "@id": "CVE-2023-22314",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22317",
      "@id": "CVE-2023-22317",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43508",
      "@id": "CVE-2022-43508",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43509",
      "@id": "CVE-2022-43509",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43667",
      "@id": "CVE-2022-43667",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22277",
      "@id": "CVE-2023-22277",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22314",
      "@id": "CVE-2023-22314",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22317",
      "@id": "CVE-2023-22317",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04",
      "@id": "ICSA-22-356-04",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/121.html",
      "@id": "CWE-121",
      "@title": "Stack-based Buffer Overflow(CWE-121)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/416.html",
      "@id": "CWE-416",
      "@title": "Use After Free(CWE-416)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/787.html",
      "@id": "CWE-787",
      "@title": "Out-of-bounds Write(CWE-787)"
    }
  ],
  "title": "Multiple vulnerabilities in OMRON CX-Programmer"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-43509 (GCVE-0-2022-43509)

GHSA-3C7V-3XG2-5HHF

ICSA-22-356-04

FKIE_CVE-2022-43509

GSD-2022-43509

VAR-202211-1695

JVNDB-2022-002765

Tags

Sightings

Nomenclature