CVE-2022-43667
https://notcve.org/view.php?id=CVE-2022-43667
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en CX-Programmer v.9.77 y versiones anteriores, lo que puede provocar la divulgación de información y/o la ejecución de código arbitrario al hacer que un usuario abra un archivo CXP especialmente manipulado. • https://jvn.jp/en/vu/JVNVU92877622/index.html https://jvn.jp/vu/JVNVU92877622/index.html • CWE-787: Out-of-bounds Write •
CVE-2022-43508
https://notcve.org/view.php?id=CVE-2022-43508
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Existe una vulnerabilidad de use after free en CX-Programmer v.9.77 y versiones anteriores, que puede provocar la divulgación de información y/o la ejecución de código arbitrario al hacer que un usuario abra un archivo CXP especialmente manipulado. • https://jvn.jp/en/vu/JVNVU92877622/index.html https://jvn.jp/vu/JVNVU92877622/index.html • CWE-416: Use After Free •
CVE-2022-43509 – Omron CX-One CX-Programmer CXP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43509
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Existe una vulnerabilidad de escritura fuera de los límites en CX-Programmer v.9.77 y versiones anteriores, que puede provocar la divulgación de información y/o la ejecución de código arbitrario al pedirle a un usuario que abra un archivo CXP especialmente manipulado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://jvn.jp/en/vu/JVNVU92877622/index.html https://jvn.jp/vu/JVNVU92877622/index.html • CWE-787: Out-of-bounds Write •
CVE-2022-3396 – OMRON CX-Programmer Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-3396
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. OMRON CX-Programmer versiones 9.78 y anteriores, es vulnerable a una Escritura Fuera de Límites, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04 • CWE-787: Out-of-bounds Write •
CVE-2022-3398 – OMRON CX-Programmer Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-3398
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. OMRON CX-Programmer versiones 9.78 y anteriores, son vulnerables a uns Escritura Fuera de Límites, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Position module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04 • CWE-787: Out-of-bounds Write •