Omron Cx Programmer
By the Year
In 2024 there have been 0 vulnerabilities in Omron Cx Programmer . Last year Cx Programmer had 6 security vulnerabilities published. Right now, Cx Programmer is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 6 | 7.80 |
| 2022 | 13 | 8.24 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 6.60 |
| 2018 | 5 | 7.80 |
It may take a day or so for new Cx Programmer vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Omron Cx Programmer Security Vulnerabilities
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier
CVE-2023-22277
7.8 - High
- August 03, 2023
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
Dangling pointer
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier
CVE-2023-22314
7.8 - High
- August 03, 2023
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
Dangling pointer
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier
CVE-2023-22317
7.8 - High
- August 03, 2023
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
Dangling pointer
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
CVE-2023-38747
7.8 - High
- August 03, 2023
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Memory Corruption
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
CVE-2023-38748
7.8 - High
- August 03, 2023
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Dangling pointer
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
CVE-2023-38746
7.8 - High
- August 03, 2023
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Out-of-bounds Read
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier
CVE-2022-43508
7.8 - High
- December 07, 2022
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Dangling pointer
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier
CVE-2022-43509
7.8 - High
- December 07, 2022
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Memory Corruption
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier
CVE-2022-43667
7.8 - High
- December 07, 2022
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Memory Corruption
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may
CVE-2022-3396
9.8 - Critical
- October 06, 2022
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Memory Corruption
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may
CVE-2022-3397
9.8 - Critical
- October 06, 2022
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Memory Corruption
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may
CVE-2022-3398
9.8 - Critical
- October 06, 2022
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Memory Corruption
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
CVE-2022-2979
7.8 - High
- September 12, 2022
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
Dangling pointer
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords
CVE-2022-31204
7.5 - High
- July 26, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
Cleartext Transmission of Sensitive Information
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
CVE-2022-25230
7.8 - High
- March 10, 2022
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.
Dangling pointer
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
CVE-2022-25234
7.8 - High
- March 10, 2022
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
Memory Corruption
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
CVE-2022-25325
7.8 - High
- March 10, 2022
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
Dangling pointer
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
CVE-2022-21124
7.8 - High
- March 10, 2022
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.
Memory Corruption
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite
CVE-2022-21219
7.8 - High
- March 10, 2022
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Out-of-bounds Read
When processing project files
CVE-2019-6556
6.6 - Medium
- April 10, 2019
When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
Dangling pointer
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior)
CVE-2018-18993
7.8 - High
- December 04, 2018
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application.
Memory Corruption
In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior)
CVE-2018-18989
7.8 - High
- December 04, 2018
In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
Dangling pointer
Parsing malformed project files in Omron CX-One versions 4.42 and prior
CVE-2018-7514
7.8 - High
- April 17, 2018
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
Buffer Overflow
Parsing malformed project files in Omron CX-One versions 4.42 and prior
CVE-2018-8834
7.8 - High
- April 17, 2018
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
Buffer Overflow
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may
CVE-2018-7530
7.8 - High
- April 17, 2018
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.
Range Error
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Omron Switch Box Utility or by Omron? Click the Watch button to subscribe.
