CVE-2023-38746
First published: Thu Aug 03 2023(Updated: )
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron CX-Programmer | <=9.80 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-38746.
What is the severity of CVE-2023-38746?
The severity of CVE-2023-38746 is high with a CVSS score of 7.8.
What is the affected software by CVE-2023-38746?
The affected software by CVE-2023-38746 is CX-Programmer included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier.
How can this vulnerability be exploited?
This vulnerability can be exploited by having a user open a specially crafted CXP file, which may lead to information disclosure and/or arbitrary code execution.
Is there a fix for CVE-2023-38746?
Yes, the vendor has provided a fix for CVE-2023-38746. Please refer to the vendor's advisory for more information.
- collector/nvd-latest
- collector/nvd-index
- collector/nvd-api
- agent/weakness
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/omron
- canonical/omron cx-programmer
- version/omron cx-programmer/9.80