Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
33 vulnerabilities found for CX-Programmer by OMRON Corporation
CVE-2024-31412 (GCVE-0-2024-31412)
Vulnerability from nvd – Published: 2024-05-01 12:52 – Updated: 2024-08-02 01:52
VLAI?
Summary
Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed.
Severity ?
7.8 (High)
CWE
- Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cx-programmer",
"vendor": "omron",
"versions": [
{
"lessThanOrEqual": "9.81",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T14:29:07.641532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T14:36:05.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98274902/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T12:52:13.173Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98274902/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31412",
"datePublished": "2024-05-01T12:52:13.173Z",
"dateReserved": "2024-04-03T10:57:10.684Z",
"dateUpdated": "2024-08-02T01:52:56.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22277 (GCVE-0-2023-22277)
Vulnerability from nvd – Published: 2023-08-03 13:05 – Updated: 2024-10-17 14:21
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:21:26.727465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:21:36.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:05:45.204Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22277",
"datePublished": "2023-08-03T13:05:45.204Z",
"dateReserved": "2022-12-27T15:57:55.077Z",
"dateUpdated": "2024-10-17T14:21:36.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22317 (GCVE-0-2023-22317)
Vulnerability from nvd – Published: 2023-08-03 12:56 – Updated: 2024-10-17 15:34
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:33:38.630665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:34:00.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:07:10.073Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22317",
"datePublished": "2023-08-03T12:56:14.503Z",
"dateReserved": "2022-12-27T15:57:55.084Z",
"dateUpdated": "2024-10-17T15:34:00.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22314 (GCVE-0-2023-22314)
Vulnerability from nvd – Published: 2023-08-03 12:59 – Updated: 2024-10-17 14:27
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:27:26.735010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:27:35.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:08:22.396Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22314",
"datePublished": "2023-08-03T12:59:07.012Z",
"dateReserved": "2022-12-27T15:57:55.088Z",
"dateUpdated": "2024-10-17T14:27:35.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38748 (GCVE-0-2023-38748)
Vulnerability from nvd – Published: 2023-08-03 05:09 – Updated: 2024-10-17 15:44
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:44:38.294238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:44:46.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T05:09:16.186Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38748",
"datePublished": "2023-08-03T05:09:16.186Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-17T15:44:46.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38747 (GCVE-0-2023-38747)
Vulnerability from nvd – Published: 2023-08-03 05:00 – Updated: 2024-10-21 19:34
VLAI?
Summary
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:33:15.295856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:34:50.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T05:00:34.672Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38747",
"datePublished": "2023-08-03T05:00:34.672Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-21T19:34:50.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38746 (GCVE-0-2023-38746)
Vulnerability from nvd – Published: 2023-08-03 04:58 – Updated: 2024-10-17 15:03
VLAI?
Summary
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:02:40.370304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:03:39.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T04:58:30.228Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38746",
"datePublished": "2023-08-03T04:58:30.228Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-17T15:03:39.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43667 (GCVE-0-2022-43667)
Vulnerability from nvd – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:09
VLAI?
Summary
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:05.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:08:22.472874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:09:01.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43667",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:09:01.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43509 (GCVE-0-2022-43509)
Vulnerability from nvd – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:18
VLAI?
Summary
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:17:47.602031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:18:24.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43509",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:18:24.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43508 (GCVE-0-2022-43508)
Vulnerability from nvd – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:46
VLAI?
Summary
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Use-after-free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:44:19.369346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:46:05.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43508",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:46:05.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25325 (GCVE-0-2022-25325)
Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25325",
"datePublished": "2022-03-07T09:00:43.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25234 (GCVE-0-2022-25234)
Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25234",
"datePublished": "2022-03-07T09:00:41.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25230 (GCVE-0-2022-25230)
Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:40.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25230",
"datePublished": "2022-03-07T09:00:40.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21219 (GCVE-0-2022-21219)
Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
VLAI?
Summary
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:38.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21219",
"datePublished": "2022-03-07T09:00:38.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T02:31:59.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21124 (GCVE-0-2022-21124)
Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
VLAI?
Summary
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
},
{
"name": "[oss-security] 20220614 Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/14/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-404.html"
},
{
"name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T17:06:14.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
},
{
"name": "[oss-security] 20220614 Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/14/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-404.html"
},
{
"name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
},
{
"name": "[oss-security] 20220614 Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/06/14/4"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-404.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-404.html"
},
{
"name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21124",
"datePublished": "2022-03-07T09:00:32.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T02:31:59.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31412 (GCVE-0-2024-31412)
Vulnerability from cvelistv5 – Published: 2024-05-01 12:52 – Updated: 2024-08-02 01:52
VLAI?
Summary
Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed.
Severity ?
7.8 (High)
CWE
- Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cx-programmer",
"vendor": "omron",
"versions": [
{
"lessThanOrEqual": "9.81",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T14:29:07.641532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T14:36:05.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98274902/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T12:52:13.173Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98274902/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31412",
"datePublished": "2024-05-01T12:52:13.173Z",
"dateReserved": "2024-04-03T10:57:10.684Z",
"dateUpdated": "2024-08-02T01:52:56.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22277 (GCVE-0-2023-22277)
Vulnerability from cvelistv5 – Published: 2023-08-03 13:05 – Updated: 2024-10-17 14:21
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:21:26.727465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:21:36.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:05:45.204Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22277",
"datePublished": "2023-08-03T13:05:45.204Z",
"dateReserved": "2022-12-27T15:57:55.077Z",
"dateUpdated": "2024-10-17T14:21:36.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22314 (GCVE-0-2023-22314)
Vulnerability from cvelistv5 – Published: 2023-08-03 12:59 – Updated: 2024-10-17 14:27
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:27:26.735010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:27:35.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:08:22.396Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22314",
"datePublished": "2023-08-03T12:59:07.012Z",
"dateReserved": "2022-12-27T15:57:55.088Z",
"dateUpdated": "2024-10-17T14:27:35.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22317 (GCVE-0-2023-22317)
Vulnerability from cvelistv5 – Published: 2023-08-03 12:56 – Updated: 2024-10-17 15:34
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Ver.9.79 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:33:38.630665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:34:00.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.79 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:07:10.073Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22317",
"datePublished": "2023-08-03T12:56:14.503Z",
"dateReserved": "2022-12-27T15:57:55.084Z",
"dateUpdated": "2024-10-17T15:34:00.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38748 (GCVE-0-2023-38748)
Vulnerability from cvelistv5 – Published: 2023-08-03 05:09 – Updated: 2024-10-17 15:44
VLAI?
Summary
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:44:38.294238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:44:46.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T05:09:16.186Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38748",
"datePublished": "2023-08-03T05:09:16.186Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-17T15:44:46.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38747 (GCVE-0-2023-38747)
Vulnerability from cvelistv5 – Published: 2023-08-03 05:00 – Updated: 2024-10-21 19:34
VLAI?
Summary
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:33:15.295856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:34:50.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T05:00:34.672Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38747",
"datePublished": "2023-08-03T05:00:34.672Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-21T19:34:50.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38746 (GCVE-0-2023-38746)
Vulnerability from cvelistv5 – Published: 2023-08-03 04:58 – Updated: 2024-10-17 15:03
VLAI?
Summary
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:02:40.370304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:03:39.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T04:58:30.228Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93286117/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38746",
"datePublished": "2023-08-03T04:58:30.228Z",
"dateReserved": "2023-07-25T03:13:53.096Z",
"dateUpdated": "2024-10-17T15:03:39.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43667 (GCVE-0-2022-43667)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:09
VLAI?
Summary
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:05.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:08:22.472874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:09:01.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43667",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:09:01.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43509 (GCVE-0-2022-43509)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:18
VLAI?
Summary
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:17:47.602031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:18:24.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43509",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:18:24.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43508 (GCVE-0-2022-43508)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:46
VLAI?
Summary
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Severity ?
7.8 (High)
CWE
- Use-after-free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
v.9.77 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:44:19.369346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:46:05.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "v.9.77 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
},
{
"url": "https://jvn.jp/vu/JVNVU92877622/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43508",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:46:05.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25325 (GCVE-0-2022-25325)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25325",
"datePublished": "2022-03-07T09:00:43.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25234 (GCVE-0-2022-25234)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | CX-Programmer |
Affected:
CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CX-Programmer",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
}
]
}
}
]
},
"vendor_name": "OMRON Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25234",
"datePublished": "2022-03-07T09:00:41.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-003116
Vulnerability from jvndb - Published: 2024-04-24 10:13 - Updated:2024-04-24 10:13
Severity ?
Summary
Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer
Details
OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below.
* Out-of-bounds read (CWE-125) - CVE-2024-31412
* Free of pointer not at start of buffer (CWE-761) - CVE-2024-31413
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003116.html",
"dc:date": "2024-04-24T10:13+09:00",
"dcterms:issued": "2024-04-24T10:13+09:00",
"dcterms:modified": "2024-04-24T10:13+09:00",
"description": "OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below.\r\n\r\n * Out-of-bounds read (CWE-125) - CVE-2024-31412\r\n\r\n * Free of pointer not at start of buffer (CWE-761) - CVE-2024-31413\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003116.html",
"sec:cpe": [
{
"#text": "cpe:/a:omron:cx-one",
"@product": "CX-One",
"@vendor": "OMRON Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:omron:cx-programmer",
"@product": "CX-Programmer",
"@vendor": "OMRON Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:omron:sysmac_studio",
"@product": "Sysmac Studio",
"@vendor": "OMRON Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-003116",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98274902/index.html",
"@id": "JVNVU#98274902",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31412",
"@id": "CVE-2024-31412",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31413",
"@id": "CVE-2024-31413",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/761.html",
"@id": "CWE-761",
"@title": "Free of Pointer not at Start of Buffer(CWE-761)"
}
],
"title": "Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer"
}
JVNDB-2023-002786
Vulnerability from jvndb - Published: 2023-08-03 13:42 - Updated:2024-04-05 17:39
Severity ?
Summary
Multiple vulnerabilities in OMRON CX-Programmer
Details
CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below.
* Out-of-bounds read (CWE-125) - CVE-2023-38746
* Heap-based buffer overflow (CWE-122) - CVE-2023-38747
* Use after free (CWE-416) - CVE-2023-38748
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002786.html",
"dc:date": "2024-04-05T17:39+09:00",
"dcterms:issued": "2023-08-03T13:42+09:00",
"dcterms:modified": "2024-04-05T17:39+09:00",
"description": "CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below.\r\n\r\n * Out-of-bounds read (CWE-125) - CVE-2023-38746\r\n * Heap-based buffer overflow (CWE-122) - CVE-2023-38747\r\n * Use after free (CWE-416) - CVE-2023-38748\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002786.html",
"sec:cpe": {
"#text": "cpe:/a:omron:cx-programmer",
"@product": "CX-Programmer",
"@vendor": "OMRON Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002786",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU93286117/index.html",
"@id": "JVNVU#93286117",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38746",
"@id": "CVE-2023-38746",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38747",
"@id": "CVE-2023-38747",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38748",
"@id": "CVE-2023-38748",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38746",
"@id": "CVE-2023-38746",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38747",
"@id": "CVE-2023-38747",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38748",
"@id": "CVE-2023-38748",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/122.html",
"@id": "CWE-122",
"@title": "Heap-based Buffer Overflow(CWE-122)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/416.html",
"@id": "CWE-416",
"@title": "Use After Free(CWE-416)"
}
],
"title": "Multiple vulnerabilities in OMRON CX-Programmer"
}
JVNDB-2022-002765
Vulnerability from jvndb - Published: 2022-11-28 15:40 - Updated:2024-04-05 18:15
Severity ?
Summary
Multiple vulnerabilities in OMRON CX-Programmer
Details
CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below.
* Use-after-free (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314
* Out-of-bounds Write (CWE-787) - CVE-2022-43509
* Stack-based Buffer Overflow (CWE-121) - CVE-2022-43667
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002765.html",
"dc:date": "2024-04-05T18:15+09:00",
"dcterms:issued": "2022-11-28T15:40+09:00",
"dcterms:modified": "2024-04-05T18:15+09:00",
"description": "CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below.\r\n\r\n * Use-after-free (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314\r\n * Out-of-bounds Write (CWE-787) - CVE-2022-43509\r\n * Stack-based Buffer Overflow (CWE-121) - CVE-2022-43667\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002765.html",
"sec:cpe": {
"#text": "cpe:/a:omron:cx-programmer",
"@product": "CX-Programmer",
"@vendor": "OMRON Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002765",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92877622/index.html",
"@id": "JVNVU#92877622",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43508",
"@id": "CVE-2022-43508",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43509",
"@id": "CVE-2022-43509",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43667",
"@id": "CVE-2022-43667",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22277",
"@id": "CVE-2023-22277",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22314",
"@id": "CVE-2023-22314",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22317",
"@id": "CVE-2023-22317",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43508",
"@id": "CVE-2022-43508",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43509",
"@id": "CVE-2022-43509",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43667",
"@id": "CVE-2022-43667",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22277",
"@id": "CVE-2023-22277",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22314",
"@id": "CVE-2023-22314",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22317",
"@id": "CVE-2023-22317",
"@source": "NVD"
},
{
"#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04",
"@id": "ICSA-22-356-04",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/416.html",
"@id": "CWE-416",
"@title": "Use After Free(CWE-416)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Multiple vulnerabilities in OMRON CX-Programmer"
}