cbcvebase.

Omron CX-Programmer vulnerabilities

28 known vulnerabilities affecting omron/cx-programmer.

Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 21, MEDIUM 1, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2022-3398 | P3 | CRITICAL | CVSS 9.8 | ≤ 9.78 | ≥ unspecified, ≤ 9.78 | 2022-10-06
CVE-2022-3398 [CRITICAL] CWE-787: OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
nvd
CVE-2022-3396 | P3 | CRITICAL | CVSS 9.8 | ≤ 9.78 | ≥ unspecified, ≤ 9.78 | 2022-10-06
CVE-2022-3396 [CRITICAL] CWE-787: OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
nvd
CVE-2022-3397 | P3 | CRITICAL | CVSS 9.8 | ≤ 9.78 | ≥ unspecified, ≤ 9.78 | 2022-10-06
CVE-2022-3397 [CRITICAL] CWE-787: OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
nvd
CVE-2015-0987 | P3 | CRITICAL | CVSS 10.0 | ≤ 9.5 | 2015-10-06
CVE-2015-0987 [CRITICAL] CWE-200: Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
nvd
CVE-2018-18993 | P3 | HIGH | CVSS 7.8 | ≤ 9.66 | 2018-12-04
CVE-2018-18993 [HIGH] CWE-121: Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and
nvd
CVE-2022-31204 | P3 | HIGH | CVSS 7.5 | fixed in 9.6 | 2022-07-26
CVE-2022-31204 [HIGH] CWE-319: Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Ar
nvd
CVE-2022-21124 | P3 | HIGH | CVSS 7.8 | fixed in 9.77 | 2022-03-10
CVE-2022-21124 [HIGH] CWE-787: Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.
nvd
CVE-2022-25325 | P3 | HIGH | CVSS 7.8 | fixed in 9.77 | 2022-03-10
CVE-2022-25325 [HIGH]: Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
nvd
CVE-2022-25230 | P3 | HIGH | CVSS 7.8 | fixed in 9.77 | 2022-03-10
CVE-2022-25230 [HIGH] CWE-416: Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.
nvd
CVE-2018-18989 | P3 | HIGH | CVSS 7.8 | ≤ 9.66 | 2018-12-04
CVE-2018-18989 [HIGH] CWE-416: In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
nvd
CVE-2022-25234 | P3 | HIGH | CVSS 7.8 | fixed in 9.77 | 2022-03-10
CVE-2022-25234 [HIGH]: Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
nvd
CVE-2018-7530 | P3 | HIGH | CVSS 7.8 | ≤ 9.65 | 2018-04-17
CVE-2018-7530 [HIGH] CWE-843: Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, ma
nvd
CVE-2018-8834 | P3 | HIGH | CVSS 7.8 | ≤ 9.65 | 2018-04-17
CVE-2018-8834 [HIGH] CWE-122: Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, ma
nvd
CVE-2018-7514 | P3 | HIGH | CVSS 7.8 | ≤ 9.65 | 2018-04-17
CVE-2018-7514 [HIGH] CWE-121: Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, ma
nvd
CVE-2023-22317 | P3 | HIGH | CVSS 7.8 | ≤ 9.79 | 2023-08-03
CVE-2023-22317 [HIGH]: Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
nvd
CVE-2023-22277 | P3 | HIGH | CVSS 7.8 | ≤ 9.79 | 2023-08-03
CVE-2023-22277 [HIGH] CWE-416: Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
nvd
CVE-2023-22314 | P3 | HIGH | CVSS 7.8 | ≤ 9.79 | 2023-08-03
CVE-2023-22314 [HIGH]: Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
nvd
CVE-2023-38748 | P3 | HIGH | CVSS 7.8 | ≤ 9.80 | 2023-08-03
CVE-2023-38748 [HIGH] CWE-416: Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
nvd
CVE-2022-43508 | P3 | HIGH | CVSS 7.8 | ≤ 9.77 | 2022-12-07
CVE-2022-43508 [HIGH] CWE-416: Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file.
nvd
CVE-2022-43509 | P3 | HIGH | CVSS 7.8 | ≤ 9.77 | 2022-12-07
CVE-2022-43509 [HIGH] CWE-787: Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file.
nvd