CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-18989 – OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-18989
04 Dec 2018 — In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. En CX-One, en versiones 4.42 y anteriores (CX-Programmer en versiones 9.66 y anteriores y CX-Server en versiones 5.0.23 y anteriores), al procesar archivos de proyecto, la apli... • http://www.securityfocus.com/bid/106106 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-18993 – OMRON CX-One CXP File Parsing Stack-based Buffer Overflow Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-18993
04 Dec 2018 — Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. Se han descubierto dos vulnerabilidades de desbordamiento de búfer basado en pila en CX-One, en versiones... • http://www.securityfocus.com/bid/106106 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-8834 – OMRON CX-One CX-FLnet Node Name Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8834
11 Apr 2018 — Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow. El análisis sintáctico de archivos de proyecto mal formados en Omron CX-One, en versiones 4.42 y anteriores, incluyendo... • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7514 – OMRON CX-One SBA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7514
11 Apr 2018 — Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow. El análisis sintáctico de archivos de proyecto mal formados en Omron CX-One, en versiones 4.42 y anteriores, incluyend... • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7530 – OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7530
11 Apr 2018 — Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition. El análisis sintáctico de archivos de p... • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0987
https://notcve.org/view.php?id=CVE-2015-0987
03 Oct 2015 — Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. Omron CX-One CX-Programmer en versiones anteriores a 9.6, dispositivos CJ2M PLC en versiones anteriores a 2.1 y dispositivos CJ2H PLC en versiones anteriores a 1.5 confían en la transmisión de contraseña en texto plano, lo que permite a atacantes remotos o... • https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0988
https://notcve.org/view.php?id=CVE-2015-0988
03 Oct 2015 — Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. Omron CX-One CX-Programmer en versiones anteriores a 9.6 utiliza un fomato reversible para el almacenamiento de contraseña en archivos del código fuente del proyecto, lo que hace más fácil para usuarios locales obtener información sensible mediante la lectura de un archivo. • https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1015
https://notcve.org/view.php?id=CVE-2015-1015
03 Oct 2015 — Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. Omron CX-One CX-Programmer en versiones anteriores a 9.6, dispositivos CJ2M PLC en versiones anteriores a 2.1 y dispositivos CJ2H PLC en versiones anteriores a 1.5 usan un formato reversible para el almacenamiento de contraseña en archivo... • https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •