Vulnerabilities (CVE)

Filtered by vendor Omron Subscribe
Total 79 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2370 1 Omron 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
CVE-2014-2369 1 Omron 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more 2024-11-21 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-2301 1 Omron 1 Openwnn 2024-11-21 4.3 MEDIUM N/A
The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
CVE-2000-0704 3 Freewnn, Omron, Wnn 3 Freewnn, Worldview, Wnn4 2024-11-20 10.0 HIGH N/A
Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
CVE-2023-38744 1 Omron 24 Cj1w-eip21, Cj1w-eip21 Firmware, Cj2h-cpu64-eip and 21 more 2024-10-17 N/A 7.5 HIGH
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.
CVE-2024-33687 1 Omron 110 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 107 more 2024-06-26 N/A 7.5 HIGH
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration.
CVE-2022-45790 1 Omron 92 Cj1g-cpu42p, Cj1g-cpu42p Firmware, Cj1g-cpu43p and 89 more 2024-02-05 N/A 9.1 CRITICAL
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
CVE-2022-45792 1 Omron 1 Sysmac Studio 2024-02-05 N/A 7.8 HIGH
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.
CVE-2022-45794 1 Omron 82 Sysmac Cj1g-cpu42p, Sysmac Cj1g-cpu42p Firmware, Sysmac Cj1g-cpu43p and 79 more 2024-02-05 N/A 7.5 HIGH
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.
CVE-2022-45793 1 Omron 1 Automation Software Sysmac Studio 2024-02-05 N/A 7.8 HIGH
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.
CVE-2023-22317 1 Omron 1 Cx-programmer 2024-02-05 N/A 7.8 HIGH
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
CVE-2023-22314 1 Omron 1 Cx-programmer 2024-02-05 N/A 7.8 HIGH
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
CVE-2023-22277 1 Omron 1 Cx-programmer 2024-02-05 N/A 7.8 HIGH
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
CVE-2023-38746 1 Omron 1 Cx-programmer 2024-02-05 N/A 7.8 HIGH
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
CVE-2023-38747 1 Omron 1 Cx-programmer 2024-02-05 N/A 7.8 HIGH
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
CVE-2023-38748 1 Omron 1 Cx-programmer 2024-02-05 N/A 7.8 HIGH
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
CVE-2023-27396 1 Omron 542 Cj2h-cpu64, Cj2h-cpu64-eip, Cj2h-cpu64-eip Firmware and 539 more 2024-02-04 N/A 9.8 CRITICAL
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
CVE-2023-27385 1 Omron 1 Cx-drive 2024-02-04 N/A 7.8 HIGH
Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.
CVE-2023-0811 1 Omron 256 Sysmac Cj2h-cpu64, Sysmac Cj2h-cpu64-eip, Sysmac Cj2h-cpu64-eip Firmware and 253 more 2024-02-04 N/A 9.1 CRITICAL
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
CVE-2022-34151 1 Omron 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.