
CVE-2023-22366
https://notcve.org/view.php?id=CVE-2023-22366
17 Jan 2023 — CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU91744508/index.html • CWE-824: Access of Uninitialized Pointer

CVE-2022-46282
https://notcve.org/view.php?id=CVE-2022-46282
21 Dec 2022 — Use-after-free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user open a specially crafted file. • https://jvn.jp/en/vu/JVNVU92689335/index.html • CWE-416: Use After Free

CVE-2022-43508
https://notcve.org/view.php?id=CVE-2022-43508
07 Dec 2022 — Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. • https://jvn.jp/en/vu/JVNVU92877622/index.html • CWE-416: Use After Free

CVE-2022-43509 – Omron CX-One CX-Programmer CXP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43509
07 Dec 2022 — Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability allows remote atta... • https://jvn.jp/en/vu/JVNVU92877622/index.html • CWE-787: Out-of-bounds Write

CVE-2022-43667
https://notcve.org/view.php?id=CVE-2022-43667
07 Dec 2022 — Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. • https://jvn.jp/en/vu/JVNVU92877622/index.html • CWE-787: Out-of-bounds Write

CVE-2022-3396 – OMRON CX-Programmer Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-3396
06 Oct 2022 — OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04 • CWE-787: Out-of-bounds Write

CVE-2022-3398 – OMRON CX-Programmer Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-3398
06 Oct 2022 — OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04 • CWE-787: Out-of-bounds Write

CVE-2022-3397 – OMRON CX-Programmer Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-3397
06 Oct 2022 — OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04 • CWE-787: Out-of-bounds Write

CVE-2022-2979 – Omron CX-Programmer
https://notcve.org/view.php?id=CVE-2022-2979
12 Sep 2022 — Opening a specially crafted file could cause the affected product to fail to release its memory reference, potentially resulting in arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09 • CWE-416: Use After Free

CVE-2022-31207
https://notcve.org/view.php?id=CVE-2022-31207
26 Jul 2022 — The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where i... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 • CWE-347: Improper Verification of Cryptographic Signature