Filtered by vendor Omron
Subscribe
Total
79 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31204 | 1 Omron | 15 Cp1w-cif41, Cp1w-cif41 Firmware, Cx-programmer and 12 more | 2024-02-04 | N/A | 7.5 HIGH |
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. | |||||
CVE-2022-2979 | 1 Omron | 1 Cx-programmer | 2024-02-04 | N/A | 7.8 HIGH |
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | |||||
CVE-2022-31206 | 1 Omron | 50 Nj101-1000, Nj101-1000 Firmware, Nj101-1020 and 47 more | 2024-02-04 | N/A | 9.8 CRITICAL |
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS. | |||||
CVE-2022-25959 | 1 Omron | 1 Cx-position | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-26419 | 1 Omron | 1 Cx-position | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. | |||||
CVE-2022-21124 | 1 Omron | 1 Cx-programmer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. | |||||
CVE-2022-26417 | 1 Omron | 1 Cx-position | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-25230 | 1 Omron | 1 Cx-programmer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. | |||||
CVE-2022-25325 | 1 Omron | 1 Cx-programmer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. | |||||
CVE-2022-26022 | 1 Omron | 1 Cx-position | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-21219 | 1 Omron | 1 Cx-programmer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
CVE-2022-25234 | 1 Omron | 1 Cx-programmer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. | |||||
CVE-2021-20836 | 1 Omron | 1 Cx-supervisor | 2024-02-04 | 6.0 MEDIUM | 6.5 MEDIUM |
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files. | |||||
CVE-2022-21137 | 1 Omron | 1 Cx-one | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. | |||||
CVE-2021-27413 | 1 Omron | 2 Cx-one, Cx-server | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
CVE-2020-27257 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. | |||||
CVE-2020-27259 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-27261 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2019-18251 | 2 Omron, Teamviewer | 2 Cx-supervisor, Teamviewer | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. | |||||
CVE-2020-6986 | 1 Omron | 4 Plc Cj1, Plc Cj1 Firmware, Plc Cj2 and 1 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result. |