JVNDB-2023-002786
|
Multiple vulnerabilities in OMRON CX-Programmer
|
CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below.
* Out-of-bounds read (CWE-125) - CVE-2023-38746
* Heap-based buffer overflow (CWE-122) - CVE-2023-38747
* Use after free (CWE-416) - CVE-2023-38748
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38746.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38747.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38748.
|
|
OMRON Corporation
- CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier
|
|
If a user opens a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
The version that contains the fix for this vulnerability is as follows.
* CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.81 or later
For details on how to obtain the update or how to update the firmware, contact the developer and/or the sales representatives.
|
OMRON Corporation
|
- Heap-based Buffer Overflow (CWE-122) [Other]
- Out-of-bounds Read (CWE-125) [Other]
- Use After Free (CWE-416) [Other]
|
- CVE-2023-38746
- CVE-2023-38747
- CVE-2023-38748
|
- JVN : JVNVU#93286117
- National Vulnerability Database (NVD) : CVE-2023-38746
- National Vulnerability Database (NVD) : CVE-2023-38747
- National Vulnerability Database (NVD) : CVE-2023-38748
|
- [2023/08/03] Web page was published
- [2024/04/05] References : Contents were added
|