Vulnerabilities > Omron
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-21 | CVE-2018-7521 | Use After Free vulnerability in Omron Cx-Supervisor 3.5 In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. | 4.6 |
| 2018-03-21 | CVE-2018-7519 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Omron Cx-Supervisor 3.5 In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. | 4.6 |
| 2018-03-21 | CVE-2018-7517 | Out-of-bounds Write vulnerability in Omron Cx-Supervisor 3.5 In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. | 4.6 |
| 2018-03-21 | CVE-2018-7515 | NULL Pointer Dereference vulnerability in Omron Cx-Supervisor 3.5 In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets. | 4.6 |
| 2018-03-21 | CVE-2018-7513 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Omron Cx-Supervisor 3.5 In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. | 4.6 |
| 2018-02-05 | CVE-2018-6624 | Forced Browsing vulnerability in Omron NS Series Firmware OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. | 7.5 |
| 2015-10-06 | CVE-2015-1015 | Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. | 2.1 |
| 2015-10-06 | CVE-2015-0988 | Information Exposure vulnerability in Omron Cx-Programmer Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. | 2.1 |
| 2015-10-06 | CVE-2015-0987 | Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | 5.0 |
| 2014-07-24 | CVE-2014-2370 | Cross-Site Scripting vulnerability in Omron products Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | 3.5 |