CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45792 – Directory Traversal in Project File Format allows overwrite (Zip Slip)
https://notcve.org/view.php?id=CVE-2022-45792
22 Jan 2024 — Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. Los archivos de proyecto pueden contener contenidos maliciosos que el software utilizará para crear archivos en el sistema de archivos. Esto permite directory traversal y sobrescribir archivos con los privilegios del usuario que ha iniciado sesión. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45793 – Executable files writable by low-privileged users in Omron Sysmac Studio
https://notcve.org/view.php?id=CVE-2022-45793
10 Jan 2024 — Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. [PROBLEMTYPE] en [VENDOR] [PRODUCT] [VERSION] en [PLATFORMS] permite al [ATTACKER] hacer [IMPACT]. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04 • CWE-276: Incorrect Default Permissions •
CVSS: 8.1EPSS: 1%CPEs: 113EXPL: 0CVE-2022-34151
https://notcve.org/view.php?id=CVE-2022-34151
04 Jul 2022 — Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user crede... • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 0%CPEs: 113EXPL: 0CVE-2022-33208
https://notcve.org/view.php?id=CVE-2022-33208
04 Jul 2022 — Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communicat... • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-294: Authentication Bypass by Capture-replay •