Vulnerabilities > Omron

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-38744 Unspecified vulnerability in Omron products
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit.
network
low complexity
omron
7.5
2023-08-03 CVE-2023-38746 Out-of-bounds Read vulnerability in Omron Cx-Programmer
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier.
local
low complexity
omron CWE-125
7.8
2023-06-19 CVE-2023-27396 Missing Authentication for Critical Function vulnerability in Omron products
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products.
network
low complexity
omron CWE-306
critical
9.8
2023-05-10 CVE-2023-27385 Out-of-bounds Write vulnerability in Omron Cx-Drive 3.00/3.01
Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions.
local
low complexity
omron CWE-787
7.8
2023-03-16 CVE-2023-0811 Unspecified vulnerability in Omron products
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored.
network
low complexity
omron
critical
9.1
2023-01-30 CVE-2023-22322 XXE vulnerability in Omron Cx-Motion PRO 1.4.6.013
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier.
local
low complexity
omron CWE-611
5.5
2023-01-17 CVE-2023-22357 Unspecified vulnerability in Omron Cp1L-El20Dr-D Firmware
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication.
network
low complexity
omron
critical
9.8
2023-01-17 CVE-2023-22366 Access of Uninitialized Pointer vulnerability in Omron Cx-Motion-Mch Firmware 2.32
CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability.
local
low complexity
omron CWE-824
7.8
2022-12-21 CVE-2022-46282 Use After Free vulnerability in Omron Cx-Drive 3.00
Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,
local
low complexity
omron CWE-416
7.8
2022-12-07 CVE-2022-43508 Use After Free vulnerability in Omron Cx-Programmer
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
local
low complexity
omron CWE-416
7.8