Filtered by vendor Omron
Subscribe
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34151 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2026-06-02 | 6.8 MEDIUM | 8.1 HIGH |
| Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | |||||
| CVE-2022-33971 | 1 Omron | 104 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 101 more | 2026-06-02 | 5.4 MEDIUM | 7.5 HIGH |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | |||||
| CVE-2020-6986 | 1 Omron | 4 Plc Cj1, Plc Cj1 Firmware, Plc Cj2 and 1 more | 2026-06-02 | 7.8 HIGH | 7.5 HIGH |
| In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result. | |||||
| CVE-2019-18269 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2026-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. | |||||
| CVE-2019-13533 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2026-06-02 | 6.8 MEDIUM | 8.1 HIGH |
| In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. | |||||
| CVE-2015-0987 | 1 Omron | 3 Cj2h Plc, Cj2m Plc, Cx-programmer | 2026-06-02 | 5.0 MEDIUM | 10.0 CRITICAL |
| Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | |||||
| CVE-2015-0988 | 1 Omron | 1 Cx-programmer | 2026-05-06 | 2.1 LOW | N/A |
| Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. | |||||
| CVE-2014-2370 | 1 Omron | 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more | 2026-05-06 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | |||||
| CVE-2014-2369 | 1 Omron | 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more | 2026-05-06 | 4.6 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-1015 | 1 Omron | 3 Cj2h Plc, Cj2m Plc, Cx-programmer | 2026-05-06 | 2.1 LOW | N/A |
| Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. | |||||
| CVE-2013-2301 | 1 Omron | 1 Openwnn | 2026-04-29 | 4.3 MEDIUM | N/A |
| The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2000-0704 | 3 Freewnn, Omron, Wnn | 3 Freewnn, Worldview, Wnn4 | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands. | |||||
| CVE-2022-43509 | 1 Omron | 1 Cx-programmer | 2025-04-23 | N/A | 7.8 HIGH |
| Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-43508 | 1 Omron | 1 Cx-programmer | 2025-04-23 | N/A | 7.8 HIGH |
| Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-43667 | 1 Omron | 1 Cx-programmer | 2025-04-23 | N/A | 7.8 HIGH |
| Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-46282 | 1 Omron | 1 Cx-drive | 2025-04-16 | N/A | 7.8 HIGH |
| Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file, | |||||
| CVE-2023-22357 | 1 Omron | 2 Cp1l-el20dr-d, Cp1l-el20dr-d Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
| Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution. | |||||
| CVE-2023-22366 | 1 Omron | 2 Cx-motion-mch, Cx-motion-mch Firmware | 2025-04-03 | N/A | 7.8 HIGH |
| CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2023-22322 | 1 Omron | 1 Cx-motion Pro | 2025-03-27 | N/A | 5.5 MEDIUM |
| Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. | |||||
| CVE-2024-33687 | 1 Omron | 110 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 107 more | 2025-03-13 | N/A | 7.5 HIGH |
| Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. | |||||