[Japanese]

JVNDB-2023-002786

Multiple vulnerabilities in OMRON CX-Programmer

Overview

CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below.

* Out-of-bounds read (CWE-125) - CVE-2023-38746
* Heap-based buffer overflow (CWE-122) - CVE-2023-38747
* Use after free (CWE-416) - CVE-2023-38748

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38746


CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38747


CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38748
Affected Products


OMRON Corporation
  • CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier

Impact

By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
The version that contains the fix for this vulnerability is as follows.

* CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.81 or later

Regarding the details of how to obtain the update or how to update the firmware, contact the developer and/or the sales representatives.
Vendor Information

OMRON Corporation
CWE (What is CWE?)

  1. Heap-based Buffer Overflow(CWE-122) [Other]
  2. Out-of-bounds Read(CWE-125) [Other]
  3. Use After Free(CWE-416) [Other]
CVE (What is CVE?)

  1. CVE-2023-38746
  2. CVE-2023-38747
  3. CVE-2023-38748
References

  1. JVN : JVNVU#93286117
  2. National Vulnerability Database (NVD) : CVE-2023-38746
  3. National Vulnerability Database (NVD) : CVE-2023-38747
  4. National Vulnerability Database (NVD) : CVE-2023-38748
Revision History

  • [2023/08/03]
      Web page was published
  • [2024/04/05]
      References : Contents were added