Filtered by vendor Omron
Subscribe
Total
74 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22322 | 1 Omron | 1 Cx-motion Pro | 2023-02-06 | N/A | 5.5 MEDIUM |
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. | |||||
CVE-2023-22357 | 1 Omron | 2 Cp1l-el20dr-d, Cp1l-el20dr-d Firmware | 2023-01-24 | N/A | 9.8 CRITICAL |
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution. | |||||
CVE-2023-22366 | 1 Omron | 2 Cx-motion-mch, Cx-motion-mch Firmware | 2023-01-24 | N/A | 7.8 HIGH |
CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2022-46282 | 1 Omron | 1 Cx-drive | 2022-12-30 | N/A | 7.8 HIGH |
Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file, | |||||
CVE-2022-43667 | 1 Omron | 1 Cx-programmer | 2022-12-09 | N/A | 7.8 HIGH |
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
CVE-2022-43508 | 1 Omron | 1 Cx-programmer | 2022-12-08 | N/A | 7.8 HIGH |
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
CVE-2022-43509 | 1 Omron | 1 Cx-programmer | 2022-12-08 | N/A | 7.8 HIGH |
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
CVE-2022-3397 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-3398 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-3396 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-2979 | 1 Omron | 1 Cx-programmer | 2022-09-15 | N/A | 7.8 HIGH |
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | |||||
CVE-2022-31206 | 1 Omron | 50 Nj101-1000, Nj101-1000 Firmware, Nj101-1020 and 47 more | 2022-08-04 | N/A | 9.8 CRITICAL |
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS. | |||||
CVE-2022-31207 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2022-08-04 | N/A | 9.8 CRITICAL |
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter. | |||||
CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2022-08-04 | N/A | 7.5 HIGH |
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||
CVE-2022-31204 | 1 Omron | 15 Cp1w-cif41, Cp1w-cif41 Firmware, Cx-programmer and 12 more | 2022-08-04 | N/A | 7.5 HIGH |
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. | |||||
CVE-2022-34151 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2022-07-15 | 6.8 MEDIUM | 8.1 HIGH |
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | |||||
CVE-2022-33971 | 1 Omron | 104 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 101 more | 2022-07-15 | 5.4 MEDIUM | 7.5 HIGH |
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | |||||
CVE-2022-33208 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2022-07-15 | 6.8 MEDIUM | 8.1 HIGH |
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. | |||||
CVE-2022-21124 | 1 Omron | 1 Cx-programmer | 2022-06-16 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. | |||||
CVE-2022-25959 | 1 Omron | 1 Cx-position | 2022-04-08 | 6.8 MEDIUM | 7.8 HIGH |
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. |