CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26417 – Rockwell Automation Studio 5000 Logix Designer Use After Free
https://notcve.org/view.php?id=CVE-2022-26417
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. Omron CX-Position (versiones 2.5.3 y anteriores) es vulnerable a una condición de uso de memoria previamente liberada mientras procesa un archivo de proyecto específico, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI files in the CX-Position module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 https://www.zerodayinitiative.com/advisories/ZDI-22-578 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25959 – Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer
https://notcve.org/view.php?id=CVE-2022-25959
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. Omron CX-Position (versiones 2.5.3 y anteriores) es vulnerable a una corrupción de memoria mientras es procesado un archivo de proyecto específico, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI files in the CX-Position module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 https://www.zerodayinitiative.com/advisories/ZDI-22-577 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25325
https://notcve.org/view.php?id=CVE-2022-25325
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. Una vulnerabilidad de uso de memoria previamente liberada en CX-Programmer versiones v9.76.1 y anteriores, que forma parte de la suite CX-One (v4.60), permite a un atacante causar una divulgación de información y/o una ejecución de código arbitrario haciendo que un usuario abra un archivo CXP especialmente diseñado. Esta vulnerabilidad es diferente de CVE-2022-25230 • https://jvn.jp/en/vu/JVNVU90121984/index.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25234
https://notcve.org/view.php?id=CVE-2022-25234
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. Una vulnerabilidad de escritura fuera de límites en CX-Programmer versiones v9.76.1 y anteriores, que forma parte de la suite CX-One (versión v4.60), permite a un atacante causar una divulgación de información y/o la ejecución de código arbitrario haciendo que un usuario abra un archivo CXP especialmente diseñado. Esta vulnerabilidad es diferente de CVE-2022-21124 • https://jvn.jp/en/vu/JVNVU90121984/index.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25230
https://notcve.org/view.php?id=CVE-2022-25230
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. Una vulnerabilidad de Uso de Memoria previamente Liberada en CX-Programmer versiones v9.76.1 y anteriores, que forma parte de la suite CX-One versión (v4.60), permite a un atacante causar una divulgación de información y/o una ejecución de código arbitrario haciendo que un usuario abra un archivo CXP especialmente diseñado. Esta vulnerabilidad es diferente de CVE-2022-25325 • https://jvn.jp/en/vu/JVNVU90121984/index.html • CWE-416: Use After Free •