Vulnerabilities > Omron > CX Programmer

DATE CVE VULNERABILITY TITLE RISK
2018-04-17 CVE-2018-8834 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Omron products
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
local
low complexity
omron CWE-119
4.6
2018-04-17 CVE-2018-7530 Range Error vulnerability in Omron products
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.
local
low complexity
omron CWE-118
4.6
2018-04-17 CVE-2018-7514 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Omron products
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
local
low complexity
omron CWE-119
4.6
2015-10-06 CVE-2015-1015 Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file.
local
low complexity
omron CWE-200
2.1
2015-10-06 CVE-2015-0988 Information Exposure vulnerability in Omron Cx-Programmer
Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.
local
low complexity
omron CWE-200
2.1
2015-10-06 CVE-2015-0987 Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
network
low complexity
omron CWE-200
5.0