VYPR

Cx Programmer

by Omron

CVEs (21)

  • CVE-2015-0987CriOct 6, 2015
    risk 0.65cvss 10.0epss 0.01

    Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

  • CVE-2025-0591HigFeb 17, 2025
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.

  • CVE-2024-31412HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed.

  • CVE-2018-7530HigApr 17, 2018
    risk 0.51cvss 7.8epss 0.00

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…

  • CVE-2018-7514HigApr 17, 2018
    risk 0.51cvss 7.8epss 0.00

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…

  • CVE-2023-22277Aug 3, 2023
    risk 0.00cvss epss 0.00

    Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.

  • CVE-2023-38748Aug 3, 2023
    risk 0.00cvss epss 0.00

    Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.

  • CVE-2023-38747Aug 3, 2023
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.

  • CVE-2023-38746Aug 3, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.

  • CVE-2022-43509Dec 7, 2022
    risk 0.00cvss epss 0.00

    Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.

  • CVE-2022-43667Dec 7, 2022
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.

  • CVE-2022-3396Oct 6, 2022
    risk 0.00cvss epss 0.01

    OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.

  • CVE-2022-3398Oct 6, 2022
    risk 0.00cvss epss 0.01

    OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.

  • CVE-2022-3397Oct 6, 2022
    risk 0.00cvss epss 0.01

    OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.

  • CVE-2022-2979Sep 12, 2022
    risk 0.00cvss epss 0.00

    Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.

  • CVE-2022-25325Mar 7, 2022
    risk 0.00cvss epss 0.01

    Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different…

  • CVE-2022-21219Mar 7, 2022
    risk 0.00cvss epss 0.01

    Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.

  • CVE-2019-6556Apr 10, 2019
    risk 0.00cvss epss 0.01

    When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the…

  • CVE-2018-18989Dec 4, 2018
    risk 0.00cvss epss 0.02

    In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit…

  • CVE-2015-1015Oct 6, 2015
    risk 0.00cvss epss 0.00

    Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file.

Page 1 of 2