Omron: >> Cx-Programmer >> 9.66 Security Vulnerabilities
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-06
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-06
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-12
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-03-10
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-03-10
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-10
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-03-10
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-10
When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
CVSS Score
6.6
EPSS Score
0.002
Published
2019-04-10
In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-12-04