CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45793 – Executable files writable by low-privileged users in Omron Sysmac Studio
https://notcve.org/view.php?id=CVE-2022-45793
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. [PROBLEMTYPE] en [VENDOR] [PRODUCT] [VERSION] en [PLATFORMS] permite al [ATTACKER] hacer [IMPACT]. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04 https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22277
https://notcve.org/view.php?id=CVE-2023-22277
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22314
https://notcve.org/view.php?id=CVE-2023-22314
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22317
https://notcve.org/view.php?id=CVE-2023-22317
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38748
https://notcve.org/view.php?id=CVE-2023-38748
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU93286117 https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf • CWE-416: Use After Free •