Filtered by vendor Omron
Subscribe
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
| In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||
| CVE-2022-31204 | 1 Omron | 15 Cp1w-cif41, Cp1w-cif41 Firmware, Cx-programmer and 12 more | 2024-11-21 | N/A | 7.5 HIGH |
| Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. | |||||
| CVE-2022-2979 | 1 Omron | 1 Cx-programmer | 2024-11-21 | N/A | 7.8 HIGH |
| Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | |||||
| CVE-2022-26419 | 1 Omron | 1 Cx-position | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. | |||||
| CVE-2022-26417 | 1 Omron | 1 Cx-position | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-26022 | 1 Omron | 1 Cx-position | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-25959 | 1 Omron | 1 Cx-position | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-25325 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. | |||||
| CVE-2022-25234 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. | |||||
| CVE-2022-25230 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. | |||||
| CVE-2022-21219 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-21137 | 1 Omron | 1 Cx-one | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-21124 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. | |||||
| CVE-2021-27413 | 1 Omron | 2 Cx-one, Cx-server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-20836 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 6.0 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files. | |||||
| CVE-2020-27261 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-27259 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-27257 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. | |||||
| CVE-2019-6556 | 1 Omron | 2 Common Components, Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 6.6 MEDIUM |
| When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | |||||
| CVE-2019-18261 | 1 Omron | 3 Plc Cj Firmware, Plc Cs Firmware, Plc Nj Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks. | |||||