本頁列出影響 omron cx-programmer 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-22277 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. | [email protected] | 7.8 | 0.05% | 2023-08-03 | 2024-11-21 |
| CVE-2023-22317 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. | [email protected] | 7.8 | 0.05% | 2023-08-03 | 2024-11-21 |
| CVE-2023-22314 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. | [email protected] | 7.8 | 0.05% | 2023-08-03 | 2024-11-21 |
| CVE-2023-38748 | Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | [email protected] | 7.8 | 0.15% | 2023-08-03 | 2024-11-21 |
| CVE-2023-38747 | Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | [email protected] | 7.8 | 0.17% | 2023-08-03 | 2024-11-21 |
| CVE-2023-38746 | Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | [email protected] | 7.8 | 0.06% | 2023-08-03 | 2024-11-21 |
| CVE-2022-43667 | Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | [email protected] | 7.8 | 0.09% | 2022-12-07 | 2025-04-23 |
| CVE-2022-43509 | Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | [email protected] | 7.8 | 0.11% | 2022-12-07 | 2025-04-23 |
| CVE-2022-43508 | Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | [email protected] | 7.8 | 0.13% | 2022-12-07 | 2025-04-23 |
| CVE-2022-3398 | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | [email protected] | 7.8 | 0.34% | 2022-10-06 | 2024-11-21 |
| CVE-2022-3397 | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | [email protected] | 7.8 | 0.34% | 2022-10-06 | 2024-11-21 |
| CVE-2022-3396 | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | [email protected] | 7.8 | 0.34% | 2022-10-06 | 2024-11-21 |
| CVE-2022-2979 | Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | [email protected] | 7.8 | 0.07% | 2022-09-12 | 2024-11-21 |
| CVE-2022-31204 | Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. | [email protected] | 7.5 | 0.12% | 2022-07-26 | 2024-11-21 |
| CVE-2022-25325 | Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. | [email protected] | 7.8 | 0.48% | 2022-03-10 | 2024-11-21 |
| CVE-2022-25234 | Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. | [email protected] | 7.8 | 0.36% | 2022-03-10 | 2024-11-21 |
| CVE-2022-25230 | Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. | [email protected] | 7.8 | 0.48% | 2022-03-10 | 2024-11-21 |
| CVE-2022-21219 | Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | [email protected] | 7.8 | 0.35% | 2022-03-10 | 2024-11-21 |
| CVE-2022-21124 | Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. | [email protected] | 7.8 | 0.39% | 2022-03-10 | 2024-11-21 |
| CVE-2019-6556 | When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | [email protected] | 6.6 | 0.21% | 2019-04-10 | 2024-11-21 |