Search

Find a vulnerability

Search criteria

    33 vulnerabilities found for CX-Programmer by OMRON Corporation

    CVE-2024-31412 (GCVE-0-2024-31412)

    Vulnerability from nvd – Published: 2024-05-01 12:52 – Updated: 2024-08-02 01:52
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds read
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower
    Create a notification for this product.
    omron cx-programmer Affected: 0 , ≤ 9.81 (custom)
        cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cx-programmer",
                "vendor": "omron",
                "versions": [
                  {
                    "lessThanOrEqual": "9.81",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-25T14:29:07.641532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T14:36:05.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:56.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98274902/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T12:52:13.173Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98274902/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-31412",
        "datePublished": "2024-05-01T12:52:13.173Z",
        "dateReserved": "2024-04-03T10:57:10.684Z",
        "dateUpdated": "2024-08-02T01:52:56.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22277 (GCVE-0-2023-22277)

    Vulnerability from nvd – Published: 2023-08-03 13:05 – Updated: 2024-10-17 14:21
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:21:26.727465Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:21:36.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:05:45.204Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22277",
        "datePublished": "2023-08-03T13:05:45.204Z",
        "dateReserved": "2022-12-27T15:57:55.077Z",
        "dateUpdated": "2024-10-17T14:21:36.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22317 (GCVE-0-2023-22317)

    Vulnerability from nvd – Published: 2023-08-03 12:56 – Updated: 2024-10-17 15:34
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:33:38.630665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:34:00.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:07:10.073Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22317",
        "datePublished": "2023-08-03T12:56:14.503Z",
        "dateReserved": "2022-12-27T15:57:55.084Z",
        "dateUpdated": "2024-10-17T15:34:00.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22314 (GCVE-0-2023-22314)

    Vulnerability from nvd – Published: 2023-08-03 12:59 – Updated: 2024-10-17 14:27
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:27:26.735010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:27:35.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:08:22.396Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22314",
        "datePublished": "2023-08-03T12:59:07.012Z",
        "dateReserved": "2022-12-27T15:57:55.088Z",
        "dateUpdated": "2024-10-17T14:27:35.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38748 (GCVE-0-2023-38748)

    Vulnerability from nvd – Published: 2023-08-03 05:09 – Updated: 2024-10-17 15:44
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:44:38.294238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:44:46.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T05:09:16.186Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38748",
        "datePublished": "2023-08-03T05:09:16.186Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-17T15:44:46.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38747 (GCVE-0-2023-38747)

    Vulnerability from nvd – Published: 2023-08-03 05:00 – Updated: 2024-10-21 19:34
    VLAI
    Summary
    Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T19:33:15.295856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T19:34:50.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap-based buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T05:00:34.672Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38747",
        "datePublished": "2023-08-03T05:00:34.672Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-21T19:34:50.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38746 (GCVE-0-2023-38746)

    Vulnerability from nvd – Published: 2023-08-03 04:58 – Updated: 2024-10-17 15:03
    VLAI
    Summary
    Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds read
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.524Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:02:40.370304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:03:39.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T04:58:30.228Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38746",
        "datePublished": "2023-08-03T04:58:30.228Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-17T15:03:39.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43667 (GCVE-0-2022-43667)

    Vulnerability from nvd – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:09
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Stack-based Buffer Overflow
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: v.9.77 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:05.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43667",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:08:22.472874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T14:09:01.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.9.77 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43667",
        "datePublished": "2022-12-07T00:00:00.000Z",
        "dateReserved": "2022-10-22T00:00:00.000Z",
        "dateUpdated": "2025-04-23T14:09:01.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43509 (GCVE-0-2022-43509)

    Vulnerability from nvd – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:18
    VLAI
    Summary
    Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds Write
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: v.9.77 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:17:47.602031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T14:18:24.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.9.77 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43509",
        "datePublished": "2022-12-07T00:00:00.000Z",
        "dateReserved": "2022-10-22T00:00:00.000Z",
        "dateUpdated": "2025-04-23T14:18:24.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43508 (GCVE-0-2022-43508)

    Vulnerability from nvd – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:46
    VLAI
    Summary
    Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use-after-free
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: v.9.77 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:44:19.369346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T14:46:05.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.9.77 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-after-free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43508",
        "datePublished": "2022-12-07T00:00:00.000Z",
        "dateReserved": "2022-10-22T00:00:00.000Z",
        "dateUpdated": "2025-04-23T14:46:05.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25325 (GCVE-0-2022-25325)

    Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
    VLAI
    Summary
    Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
    Severity
    No CVSS data available.
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:06.770Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T09:00:43.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25325",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CX-Programmer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OMRON Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use after free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25325",
        "datePublished": "2022-03-07T09:00:43.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:36:06.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25234 (GCVE-0-2022-25234)

    Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
    VLAI
    Summary
    Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
    Severity
    No CVSS data available.
    CWE
    • Out-of-bounds write
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:06.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T09:00:41.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CX-Programmer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OMRON Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25234",
        "datePublished": "2022-03-07T09:00:41.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:36:06.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25230 (GCVE-0-2022-25230)

    Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
    VLAI
    Summary
    Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.
    Severity
    No CVSS data available.
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:06.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T09:00:40.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CX-Programmer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OMRON Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use after free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25230",
        "datePublished": "2022-03-07T09:00:40.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:36:06.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21219 (GCVE-0-2022-21219)

    Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
    Severity
    No CVSS data available.
    CWE
    • Out-of-bounds read
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.068Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T09:00:38.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-21219",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CX-Programmer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OMRON Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-21219",
        "datePublished": "2022-03-07T09:00:38.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T02:31:59.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21124 (GCVE-0-2022-21124)

    Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.
    Severity
    No CVSS data available.
    CWE
    • Out-of-bounds write
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
              },
              {
                "name": "[oss-security] 20220614 Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/06/14/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xenbits.xen.org/xsa/advisory-404.html"
              },
              {
                "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T17:06:14.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
            },
            {
              "name": "[oss-security] 20220614 Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/06/14/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xenbits.xen.org/xsa/advisory-404.html"
            },
            {
              "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-21124",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CX-Programmer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OMRON Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
                },
                {
                  "name": "[oss-security] 20220614 Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/06/14/4"
                },
                {
                  "name": "http://xenbits.xen.org/xsa/advisory-404.html",
                  "refsource": "CONFIRM",
                  "url": "http://xenbits.xen.org/xsa/advisory-404.html"
                },
                {
                  "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-21124",
        "datePublished": "2022-03-07T09:00:32.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T02:31:59.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31412 (GCVE-0-2024-31412)

    Vulnerability from cvelistv5 – Published: 2024-05-01 12:52 – Updated: 2024-08-02 01:52
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds read
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower
    Create a notification for this product.
    omron cx-programmer Affected: 0 , ≤ 9.81 (custom)
        cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cx-programmer",
                "vendor": "omron",
                "versions": [
                  {
                    "lessThanOrEqual": "9.81",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-25T14:29:07.641532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T14:36:05.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:56.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU98274902/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T12:52:13.173Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU98274902/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-31412",
        "datePublished": "2024-05-01T12:52:13.173Z",
        "dateReserved": "2024-04-03T10:57:10.684Z",
        "dateUpdated": "2024-08-02T01:52:56.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22277 (GCVE-0-2023-22277)

    Vulnerability from cvelistv5 – Published: 2023-08-03 13:05 – Updated: 2024-10-17 14:21
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:21:26.727465Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:21:36.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:05:45.204Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22277",
        "datePublished": "2023-08-03T13:05:45.204Z",
        "dateReserved": "2022-12-27T15:57:55.077Z",
        "dateUpdated": "2024-10-17T14:21:36.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22314 (GCVE-0-2023-22314)

    Vulnerability from cvelistv5 – Published: 2023-08-03 12:59 – Updated: 2024-10-17 14:27
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:27:26.735010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:27:35.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:08:22.396Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22314",
        "datePublished": "2023-08-03T12:59:07.012Z",
        "dateReserved": "2022-12-27T15:57:55.088Z",
        "dateUpdated": "2024-10-17T14:27:35.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22317 (GCVE-0-2023-22317)

    Vulnerability from cvelistv5 – Published: 2023-08-03 12:56 – Updated: 2024-10-17 15:34
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Ver.9.79 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:05.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:33:38.630665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:34:00.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.79 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T13:07:10.073Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22317",
        "datePublished": "2023-08-03T12:56:14.503Z",
        "dateReserved": "2022-12-27T15:57:55.084Z",
        "dateUpdated": "2024-10-17T15:34:00.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38748 (GCVE-0-2023-38748)

    Vulnerability from cvelistv5 – Published: 2023-08-03 05:09 – Updated: 2024-10-17 15:44
    VLAI
    Summary
    Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use after free
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:44:38.294238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:44:46.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T05:09:16.186Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38748",
        "datePublished": "2023-08-03T05:09:16.186Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-17T15:44:46.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38747 (GCVE-0-2023-38747)

    Vulnerability from cvelistv5 – Published: 2023-08-03 05:00 – Updated: 2024-10-21 19:34
    VLAI
    Summary
    Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T19:33:15.295856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T19:34:50.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap-based buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T05:00:34.672Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38747",
        "datePublished": "2023-08-03T05:00:34.672Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-21T19:34:50.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38746 (GCVE-0-2023-38746)

    Vulnerability from cvelistv5 – Published: 2023-08-03 04:58 – Updated: 2024-10-17 15:03
    VLAI
    Summary
    Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds read
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:38.524Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93286117/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:02:40.370304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:03:39.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T04:58:30.228Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-005_en.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93286117/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38746",
        "datePublished": "2023-08-03T04:58:30.228Z",
        "dateReserved": "2023-07-25T03:13:53.096Z",
        "dateUpdated": "2024-10-17T15:03:39.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43508 (GCVE-0-2022-43508)

    Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:46
    VLAI
    Summary
    Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use-after-free
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: v.9.77 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:44:19.369346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T14:46:05.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.9.77 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-after-free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43508",
        "datePublished": "2022-12-07T00:00:00.000Z",
        "dateReserved": "2022-10-22T00:00:00.000Z",
        "dateUpdated": "2025-04-23T14:46:05.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43667 (GCVE-0-2022-43667)

    Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:09
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Stack-based Buffer Overflow
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: v.9.77 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:05.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43667",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:08:22.472874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T14:09:01.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.9.77 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43667",
        "datePublished": "2022-12-07T00:00:00.000Z",
        "dateReserved": "2022-10-22T00:00:00.000Z",
        "dateUpdated": "2025-04-23T14:09:01.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43509 (GCVE-0-2022-43509)

    Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:18
    VLAI
    Summary
    Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds Write
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: v.9.77 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:17:47.602031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T14:18:24.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.9.77 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43509",
        "datePublished": "2022-12-07T00:00:00.000Z",
        "dateReserved": "2022-10-22T00:00:00.000Z",
        "dateUpdated": "2025-04-23T14:18:24.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25325 (GCVE-0-2022-25325)

    Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
    VLAI
    Summary
    Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
    Severity
    No CVSS data available.
    CWE
    • Use after free
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:06.770Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use after free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T09:00:43.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25325",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CX-Programmer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OMRON Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use after free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25325",
        "datePublished": "2022-03-07T09:00:43.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:36:06.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25234 (GCVE-0-2022-25234)

    Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 04:36
    VLAI
    Summary
    Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
    Severity
    No CVSS data available.
    CWE
    • Out-of-bounds write
    Assigner
    References
    Impacted products
    Vendor Product Version
    OMRON Corporation CX-Programmer Affected: CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:06.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CX-Programmer",
              "vendor": "OMRON Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T09:00:41.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CX-Programmer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OMRON Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25234",
        "datePublished": "2022-03-07T09:00:41.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:36:06.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2024-003116

    Vulnerability from jvndb - Published: 2024-04-24 10:13 - Updated:2024-04-24 10:13
    Severity
    Summary
    Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer
    Details
    OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2024-31412 * Free of pointer not at start of buffer (CWE-761) - CVE-2024-31413 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003116.html",
      "dc:date": "2024-04-24T10:13+09:00",
      "dcterms:issued": "2024-04-24T10:13+09:00",
      "dcterms:modified": "2024-04-24T10:13+09:00",
      "description": "OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below.\r\n\r\n  * Out-of-bounds read (CWE-125) - CVE-2024-31412\r\n\r\n  * Free of pointer not at start of buffer (CWE-761) - CVE-2024-31413\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003116.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:omron:cx-one",
          "@product": "CX-One",
          "@vendor": "OMRON Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:omron:cx-programmer",
          "@product": "CX-Programmer",
          "@vendor": "OMRON Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:omron:sysmac_studio",
          "@product": "Sysmac Studio",
          "@vendor": "OMRON Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-003116",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU98274902/index.html",
          "@id": "JVNVU#98274902",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31412",
          "@id": "CVE-2024-31412",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31413",
          "@id": "CVE-2024-31413",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/125.html",
          "@id": "CWE-125",
          "@title": "Out-of-bounds Read(CWE-125)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/761.html",
          "@id": "CWE-761",
          "@title": "Free of Pointer not at Start of Buffer(CWE-761)"
        }
      ],
      "title": "Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer"
    }

    JVNDB-2023-002786

    Vulnerability from jvndb - Published: 2023-08-03 13:42 - Updated:2024-04-05 17:39
    Severity
    Summary
    Multiple vulnerabilities in OMRON CX-Programmer
    Details
    CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2023-38746 * Heap-based buffer overflow (CWE-122) - CVE-2023-38747 * Use after free (CWE-416) - CVE-2023-38748 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002786.html",
      "dc:date": "2024-04-05T17:39+09:00",
      "dcterms:issued": "2023-08-03T13:42+09:00",
      "dcterms:modified": "2024-04-05T17:39+09:00",
      "description": "CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below.\r\n\r\n  * Out-of-bounds read (CWE-125) - CVE-2023-38746\r\n  * Heap-based buffer overflow (CWE-122) - CVE-2023-38747\r\n  * Use after free (CWE-416) - CVE-2023-38748\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002786.html",
      "sec:cpe": {
        "#text": "cpe:/a:omron:cx-programmer",
        "@product": "CX-Programmer",
        "@vendor": "OMRON Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2023-002786",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU93286117/index.html",
          "@id": "JVNVU#93286117",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38746",
          "@id": "CVE-2023-38746",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38747",
          "@id": "CVE-2023-38747",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38748",
          "@id": "CVE-2023-38748",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38746",
          "@id": "CVE-2023-38746",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38747",
          "@id": "CVE-2023-38747",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38748",
          "@id": "CVE-2023-38748",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/122.html",
          "@id": "CWE-122",
          "@title": "Heap-based Buffer Overflow(CWE-122)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/125.html",
          "@id": "CWE-125",
          "@title": "Out-of-bounds Read(CWE-125)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/416.html",
          "@id": "CWE-416",
          "@title": "Use After Free(CWE-416)"
        }
      ],
      "title": "Multiple vulnerabilities in OMRON CX-Programmer"
    }

    JVNDB-2022-002765

    Vulnerability from jvndb - Published: 2022-11-28 15:40 - Updated:2024-04-05 18:15
    Severity
    Summary
    Multiple vulnerabilities in OMRON CX-Programmer
    Details
    CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below. * Use-after-free (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314 * Out-of-bounds Write (CWE-787) - CVE-2022-43509 * Stack-based Buffer Overflow (CWE-121) - CVE-2022-43667 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002765.html",
      "dc:date": "2024-04-05T18:15+09:00",
      "dcterms:issued": "2022-11-28T15:40+09:00",
      "dcterms:modified": "2024-04-05T18:15+09:00",
      "description": "CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below.\r\n\r\n  * Use-after-free (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314\r\n  * Out-of-bounds Write (CWE-787) - CVE-2022-43509\r\n  * Stack-based Buffer Overflow (CWE-121) - CVE-2022-43667\r\n\r\nMichael Heinzl reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002765.html",
      "sec:cpe": {
        "#text": "cpe:/a:omron:cx-programmer",
        "@product": "CX-Programmer",
        "@vendor": "OMRON Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2022-002765",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU92877622/index.html",
          "@id": "JVNVU#92877622",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43508",
          "@id": "CVE-2022-43508",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43509",
          "@id": "CVE-2022-43509",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43667",
          "@id": "CVE-2022-43667",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22277",
          "@id": "CVE-2023-22277",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22314",
          "@id": "CVE-2023-22314",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22317",
          "@id": "CVE-2023-22317",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43508",
          "@id": "CVE-2022-43508",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43509",
          "@id": "CVE-2022-43509",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43667",
          "@id": "CVE-2022-43667",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22277",
          "@id": "CVE-2023-22277",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22314",
          "@id": "CVE-2023-22314",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22317",
          "@id": "CVE-2023-22317",
          "@source": "NVD"
        },
        {
          "#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04",
          "@id": "ICSA-22-356-04",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/121.html",
          "@id": "CWE-121",
          "@title": "Stack-based Buffer Overflow(CWE-121)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/416.html",
          "@id": "CWE-416",
          "@title": "Use After Free(CWE-416)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/787.html",
          "@id": "CWE-787",
          "@title": "Out-of-bounds Write(CWE-787)"
        }
      ],
      "title": "Multiple vulnerabilities in OMRON CX-Programmer"
    }