CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49501
https://notcve.org/view.php?id=CVE-2024-49501
01 Nov 2024 — Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function. • https://jvn.jp/en/vu/JVNVU95685374 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33687
https://notcve.org/view.php?id=CVE-2024-33687
24 Jun 2024 — Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. • https://jvn.jp/en/vu/JVNVU92504444 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31412
https://notcve.org/view.php?id=CVE-2024-31412
01 May 2024 — Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed. Existe una vulnerabilidad de lectura fuera de los límites en CX-Programmer incluido en CX-One CXONE-AL[][]D-V4 Ver. 9.81 o menor. Abrir un archivo de proyecto especialmente manipulado puede provocar la divulgación de información y/o el bloqueo del producto. • https://jvn.jp/en/vu/JVNVU98274902 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2024-27121
https://notcve.org/view.php?id=CVE-2024-27121
12 Mar 2024 — Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section. Existe una vulnerabilidad de path traversal en Machine Automat... • https://jvn.jp/en/vu/JVNVU95852116/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45792 – Directory Traversal in Project File Format allows overwrite (Zip Slip)
https://notcve.org/view.php?id=CVE-2022-45792
22 Jan 2024 — Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. Los archivos de proyecto pueden contener contenidos maliciosos que el software utilizará para crear archivos en el sistema de archivos. Esto permite directory traversal y sobrescribir archivos con los privilegios del usuario que ha iniciado sesión. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 0%CPEs: 92EXPL: 0CVE-2022-45790 – Omron FINS memory protection susceptible to bruteforce
https://notcve.org/view.php?id=CVE-2022-45790
22 Jan 2024 — The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. El protocolo Omron FINS tiene una función autenticada para evitar el acceso a regiones de memoria. La autenticación es susceptible a ataques de fuerza bruta, lo que puede permitir que un adversario obtenga acceso a la memoria protegida... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.6EPSS: 0%CPEs: 82EXPL: 0CVE-2022-45794 – Omron CJ-series and CS-series unauthenticated filesystem access.
https://notcve.org/view.php?id=CVE-2022-45794
10 Jan 2024 — An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. Un atacante con acceso a la red del PLC afectado (PLC de las series CJ y CS, todas las versiones) puede utilizar un protocolo de red para leer y escribir archivos desde la memoria interna y la tarjeta de memoria del PLC. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45793 – Executable files writable by low-privileged users in Omron Sysmac Studio
https://notcve.org/view.php?id=CVE-2022-45793
10 Jan 2024 — Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. [PROBLEMTYPE] en [VENDOR] [PRODUCT] [VERSION] en [PLATFORMS] permite al [ATTACKER] hacer [IMPACT]. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22277
https://notcve.org/view.php?id=CVE-2023-22277
03 Aug 2023 — Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22314
https://notcve.org/view.php?id=CVE-2023-22314
03 Aug 2023 — Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •