Latest Omron Vulnerabilities

CVE-2022-45792
Directory Traversal in Project File Format allows overwrite (Zip Slip)
Omron Sysmac Studio<1.54.0
CVE-2022-45790
Omron FINS memory protection susceptible to bruteforce
Omron Cj1g-cpu45p Firmware<4.1
Omron Cj1g-cpu45p
Omron Cj1g-cpu45p-gtc Firmware<4.1
Omron Cj1g-cpu45p-gtc
Omron Cj1g-cpu44p Firmware<4.1
Omron Cj1g-cpu44p
and 86 more
CVE-2022-45794
Omron CJ-series and CS-series unauthenticated filesystem access.
Omron Sysmac Cj2h-cpu64-eip Firmware
Omron Sysmac Cj2h-cpu64-eip
Omron Sysmac Cj2h-cpu64 Firmware
Omron Sysmac Cj2h-cpu64
Omron Sysmac Cj2h-cpu65-eip Firmware
Omron Sysmac Cj2h-cpu65-eip
and 76 more
CVE-2022-45793
Executable files writable by low-privileged users in Omron Sysmac Studio
Omron Automation Software Sysmac Studio<=1.54
CVE-2023-22277
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vu...
Omron CX-Programmer<=9.79
CVE-2023-22317
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vu...
Omron CX-Programmer<=9.79
CVE-2023-22314
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vu...
Omron CX-Programmer<=9.79
CVE-2023-38748
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary ...
Omron CX-Programmer<=9.80
CVE-2023-38747
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/o...
Omron CX-Programmer<=9.80
CVE-2023-38746
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or ...
Omron CX-Programmer<=9.80
CVE-2023-38744
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function o...
Omron Cj2m-cpu35 Firmware<=2.18
Omron Cj2m-cpu35
Omron Cj2m-cpu34 Firmware<=2.18
Omron Cj2m-cpu34
Omron Cj2m-cpu33 Firmware<=2.18
Omron Cj2m-cpu33
and 18 more
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON prod...
Omron Cs1w-eip21 Firmware
Omron Cs1w-eip21
Omron Cs1w-spu01-v2 Firmware
Omron Cs1w-spu01-v2
Omron Cs1w-spu02-v2 Firmware
Omron Cs1w-spu02-v2
and 536 more
CVE-2023-27385
Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclo...
Omron Cx-drive<=3.01
CVE-2023-0811
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they ...
Omron Sysmac Cj2h-cpu64 Firmware
Omron Sysmac Cj2h-cpu64
Omron Sysmac Cj2h-cpu64-eip Firmware
Omron Sysmac Cj2h-cpu64-eip
Omron Sysmac Cj2h-cpu65 Firmware
Omron Sysmac Cj2h-cpu65
and 276 more
CVE-2023-22357
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacke...
Omron Cp1l-el20dr-d Firmware
OMRON CP1L-EL20DR-D
CVE-2023-22366
CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary co...
Omron Cx-motion-mch Firmware<2.33
Omron Cx-motion-mch
CVE-2022-46282
Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,
Omron Cx-drive<=3.00
CVE-2022-43509
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP ...
Omron CX-Programmer<=9.77
Omron CX-Programmer<=9.78
CVE-2022-43508
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Omron CX-Programmer<=9.77
CVE-2022-43667
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially craf...
Omron CX-Programmer<=9.77
CVE-2022-3398
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Omron CX-Programmer<=9.78
CVE-2022-3397
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Omron CX-Programmer<=9.78
CVE-2022-3396
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Omron CX-Programmer<=9.78
CVE-2022-31204
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order...
Omron Sysmac Cs1 Firmware<4.1
Omron Sysmac Cs1
Omron Sysmac Cj2m Firmware<2.1
Omron Sysmac Cj2m
Omron Sysmac Cj2h Firmware<1.5
Omron Sysmac Cj2h
and 9 more
CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol wit...
Omron Sysmac Cs1 Firmware<4.1
Omron Sysmac Cs1
Omron Sysmac Cj2m Firmware<2.1
Omron Sysmac Cj2m
Omron Sysmac Cj2h Firmware<1.5
Omron Sysmac Cj2h
and 8 more
CVE-2022-31207
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purp...
Omron Sysmac Cs1 Firmware<4.1
Omron Sysmac Cs1
Omron Sysmac Cj2m Firmware<2.1
Omron Sysmac Cj2m
Omron Sysmac Cj2h Firmware<1.5
Omron Sysmac Cj2h
and 8 more
CVE-2022-31206
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engin...
Omron Nx701-1600 Firmware<1.29
Omron Nx701-1600
Omron Nx701-1620 Firmware<1.29
Omron Nx701-1620
Omron Nx701-1700 Firmware<1.29
Omron Nx701-1700
and 44 more
CVE-2022-33208
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and ear...
Omron Nx701-1600 Firmware<=1.28
Omron Nx701-1600
Omron Nx701-1700 Firmware<=1.28
Omron Nx701-1700
Omron Nx701-z700 Firmware<=1.28
Omron Nx701-z700
and 107 more
CVE-2022-34151
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Mach...
Omron Nx701-1600 Firmware<=1.28
Omron Nx701-1600
Omron Nx701-1700 Firmware<=1.28
Omron Nx701-1700
Omron Nx701-z700 Firmware<=1.28
Omron Nx701-z700
and 107 more
CVE-2022-33971
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and ear...
Omron Nx701-1600 Firmware<=1.28
Omron Nx701-1600
Omron Nx701-1700 Firmware<=1.28
Omron Nx701-1700
Omron Nx701-z700 Firmware<=1.28
Omron Nx701-z700
and 98 more
CVE-2022-25959
Omron CX-One CX-Position NCI File Parsing Memory Corruption Remote Code Execution Vulnerability
Omron CX-One
Omron CX-Position<=2.5.3
CVE-2022-26419
Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Omron CX-One
Omron CX-Position<=2.5.3
CVE-2022-26417
Omron CX-One CX-Position NCI File Parsing Use-After-Free Remote Code Execution Vulnerability
Omron CX-One
Omron CX-Position<=2.5.3
CVE-2022-25325
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a...
Omron CX-Programmer<9.77
CVE-2022-25234
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by hav...
Omron CX-Programmer<9.77
CVE-2022-25230
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a...
Omron CX-Programmer<9.77
CVE-2022-21219
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by havi...
Omron CX-Programmer<9.77
CVE-2022-21124
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by hav...
Omron CX-Programmer<9.77
CVE-2022-21137
Omron CX-One SDD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Omron CX-One
Omron CX-One<=4.60
CVE-2021-20836
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a...
Omron CX-Supervisor=4.0.0.13
Omron CX-Supervisor=4.0.0.16
CVE-2021-27413
Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
Omron CX-One<=4.60
Omron Cx-server<=5.0.29
CVE-2020-27257
Omron CX-One PSW File Parsing Type Confusion Remote Code Execution Vulnerability
Omron CX-One
Omron CX-One<=4.60
Omron CX-Position<=2.52
Omron Cx-protocol<=2.02
Omron Cx-server<=5.0.28
CVE-2020-6986
In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC ser...
Omron Plc Cj1 Firmware
Omron Plc Cj1
Omron Plc Cj2 Firmware
Omron Plc Cj2
CVE-2019-18261
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentic...
Omron Plc Cj Firmware
Omron Plc Cs Firmware
Omron Plc Nj Firmware
CVE-2019-18259
Omron Plc Cj Firmware
Omron Plc Cs Firmware
CVE-2019-13533
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening a...
Omron Plc Cj Firmware
Omron Plc Cs Firmware
CVE-2019-10971
The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the applicatio...
Omron Network Configurator For Devicenet Safety<=3.41
CVE-2019-6556
OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability
Omron CX-One
Omron Common Components<=2019-01
Omron CX-Programmer<=9.70
CVE-2018-16207
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors.
Omron Poweract Pro Master Agent<=5.13
CVE-2018-19020
When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.
Omron CX-Supervisor<=3.42

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203