CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22317
https://notcve.org/view.php?id=CVE-2023-22317
03 Aug 2023 — Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38748
https://notcve.org/view.php?id=CVE-2023-38748
03 Aug 2023 — Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU93286117 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38747
https://notcve.org/view.php?id=CVE-2023-38747
03 Aug 2023 — Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU93286117 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38746
https://notcve.org/view.php?id=CVE-2023-38746
03 Aug 2023 — Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU93286117 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2023-38744
https://notcve.org/view.php?id=CVE-2023-38744
03 Aug 2023 — Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of ... • https://jvn.jp/en/vu/JVNVU92193064 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 10.0EPSS: 2%CPEs: 634EXPL: 0CVE-2023-27396
https://notcve.org/view.php?id=CVE-2023-27396
19 Jun 2023 — FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the sys... • https://jvn.jp/en/ta/JVNTA91513661 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27385
https://notcve.org/view.php?id=CVE-2023-27385
10 May 2023 — Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed. • https://jvn.jp/en/vu/JVNVU97372625 • CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 256EXPL: 0CVE-2023-0811
https://notcve.org/view.php?id=CVE-2023-0811
16 Mar 2023 — Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22322
https://notcve.org/view.php?id=CVE-2023-22322
30 Jan 2023 — Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. Existe una restricción inadecuada de la vulnerabilidad de referencia de entidad externa XML (XXE) en OMRON CX-Motion Pro 1.4.6.013 y versiones anteriores. Si un usuario abre un archivo de proyecto especialmente manipulad... • https://jvn.jp/en/vu/JVNVU94200979 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-22357
https://notcve.org/view.php?id=CVE-2023-22357
17 Jan 2023 — Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution. Existe un código de depuración activo en OMRON CP1L-EL20DR-D en todas las versiones, lo que puede provocar que un comando que no está... • https://jvn.jp/en/vu/JVNVU97575890/index.html •