CVE-2022-3397 – OMRON CX-Programmer Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-3397
OMRON CX-Programmer 9.78 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability: the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04
Weakness: CWE-787: Out-of-bounds Write
CVE-2022-2979 – Omron CX-Programmer
https://notcve.org/view.php?id=CVE-2022-2979
Opening a specially crafted file could cause the affected product to fail to release its memory reference, potentially resulting in arbitrary code execution.
References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09
Weakness: CWE-416: Use After Free
CVE-2022-31207
https://notcve.org/view.php?id=CVE-2022-31207
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They use the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands, or to non-volatile memory using other commands, from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form.
References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 , https://www.forescout.com/blog
Weakness: CWE-347: Improper Verification of Cryptographic Signature
CVE-2022-31206
https://notcve.org/view.php?id=CVE-2022-31206
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-05-18 lack cryptographic authentication. These PLCs are programmed using the SYSMAC Studio engineering software, which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime. The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not appear to be cryptographically authenticated, allowing an attacker to manipulate the object code transmitted to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, the RTOS and hardware combination used would potentially allow for memory protection and privilege separation, and thus limit the impact of code execution.
References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 , https://www.forescout.com/blog
Weakness: CWE-347: Improper Verification of Cryptographic Signature
CVE-2022-31205
https://notcve.org/view.php?id=CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 , https://www.forescout.com/blog
Weakness: CWE-312: Cleartext Storage of Sensitive Information