Cx Programmer
Approved changes feed: RSS · Atom
cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Omron (675649e9-6a71-548a-9a9b-e097b9db785b) |
|---|---|
| Product | Cx Programmer (71db2a59-c13c-5edd-ae17-558e703de505) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-31412 |
vulnerable | 2026-06-08 06:35:31.494132 |
Details available
Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed.
Published: 2024-05-01T12:52:13.173Z
Updated: 2024-08-02T01:52:56.842Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38748 |
vulnerable | 2026-06-08 06:08:18.817358 |
Details available
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Published: 2023-08-03T05:09:16.186Z
Updated: 2024-10-17T15:44:46.018Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38747 |
vulnerable | 2026-06-08 06:08:18.816782 |
Details available
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Published: 2023-08-03T05:00:34.672Z
Updated: 2024-10-21T19:34:50.342Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38746 |
vulnerable | 2026-06-08 06:08:18.816380 |
Details available
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
Published: 2023-08-03T04:58:30.228Z
Updated: 2024-10-17T15:03:39.363Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22317 |
vulnerable | 2026-06-08 05:54:23.705634 |
Details available
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.
Published: 2023-08-03T12:56:14.503Z
Updated: 2024-10-17T15:34:00.712Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22314 |
vulnerable | 2026-06-08 05:54:23.701504 |
Details available
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.
Published: 2023-08-03T12:59:07.012Z
Updated: 2024-10-17T14:27:35.927Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22277 |
vulnerable | 2026-06-08 05:54:23.319752 |
Details available
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
Published: 2023-08-03T13:05:45.204Z
Updated: 2024-10-17T14:21:36.037Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43667 |
vulnerable | 2026-06-08 05:49:33.704138 |
Details available
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Published: 2022-12-07T00:00:00.000Z
Updated: 2025-04-23T14:09:01.756Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43509 |
vulnerable | 2026-06-08 05:49:33.404143 |
Details available
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Published: 2022-12-07T00:00:00.000Z
Updated: 2025-04-23T14:18:24.192Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43508 |
vulnerable | 2026-06-08 05:49:33.403515 |
Details available
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Published: 2022-12-07T00:00:00.000Z
Updated: 2025-04-23T14:46:05.306Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3398 |
vulnerable | 2026-06-08 05:48:20.837989 |
OMRON CX-Programmer Out-of-bounds Write
HIGH (7.8)
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Published: 2022-10-06T16:14:42.036Z
Updated: 2025-04-16T17:46:52.837Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3397 |
vulnerable | 2026-06-08 05:48:20.837527 |
OMRON CX-Programmer Out-of-bounds Write
HIGH (7.8)
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Published: 2022-10-06T16:14:37.846Z
Updated: 2025-04-16T17:47:06.499Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3396 |
vulnerable | 2026-06-08 05:48:20.836986 |
OMRON CX-Programmer Out-of-bounds Write
HIGH (7.8)
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Published: 2022-10-06T16:14:45.632Z
Updated: 2025-04-16T17:46:43.628Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31204 |
vulnerable | 2026-06-08 05:43:40.387925 |
Details available
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
Published: 2022-07-26T21:28:29.000Z
Updated: 2024-08-03T07:11:39.640Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2979 |
vulnerable | 2026-06-08 05:43:36.822505 |
Omron CX-Programmer
HIGH (7.8)
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
Published: 2022-09-12T19:24:03.386Z
Updated: 2025-04-16T17:47:50.966Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25325 |
vulnerable | 2026-06-08 05:41:45.721296 |
Details available
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.
Published: 2022-03-07T09:00:43.000Z
Updated: 2024-08-03T04:36:06.770Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25234 |
vulnerable | 2026-06-08 05:41:45.586059 |
Details available
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.
Published: 2022-03-07T09:00:41.000Z
Updated: 2024-08-03T04:36:06.429Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25230 |
vulnerable | 2026-06-08 05:41:45.583865 |
Details available
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.
Published: 2022-03-07T09:00:40.000Z
Updated: 2024-08-03T04:36:06.681Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-21219 |
vulnerable | 2026-06-08 05:40:00.481923 |
Details available
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.
Published: 2022-03-07T09:00:38.000Z
Updated: 2024-08-03T02:31:59.068Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-21124 |
vulnerable | 2026-06-08 05:39:58.656670 |
Details available
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.
Published: 2022-03-07T09:00:32.000Z
Updated: 2024-08-03T02:31:59.702Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-6556 |
vulnerable | 2026-06-08 05:14:11.994416 |
Details available
When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
Published: 2019-04-10T19:48:50.000Z
Updated: 2024-08-04T20:23:22.210Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-8834 |
vulnerable | 2026-06-08 05:12:06.511703 |
Details available
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
Published: 2018-04-17T19:00:00.000Z
Updated: 2024-09-16T19:25:23.504Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7530 |
vulnerable | 2026-06-08 05:12:03.819337 |
Details available
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.
Published: 2018-04-17T19:00:00.000Z
Updated: 2024-09-16T16:28:21.613Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7514 |
vulnerable | 2026-06-08 05:12:03.796846 |
Details available
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
Published: 2018-04-17T19:00:00.000Z
Updated: 2024-09-16T23:35:36.653Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-18993 |
vulnerable | 2026-06-08 05:11:15.064900 |
Details available
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application.
Published: 2018-12-04T22:00:00.000Z
Updated: 2024-08-05T11:23:08.580Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-18989 |
vulnerable | 2026-06-08 05:11:15.060488 |
Details available
In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
Published: 2018-12-04T22:00:00.000Z
Updated: 2024-08-05T11:23:08.511Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-0988 |
vulnerable | 2026-06-08 05:06:24.445679 |
Details available
Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.
Published: 2015-10-03T10:00:00.000Z
Updated: 2024-08-06T04:26:11.578Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-0987 |
vulnerable | 2026-06-08 05:06:24.444067 |
Details available
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
Published: 2015-10-03T10:00:00.000Z
Updated: 2026-06-02T19:48:51.928Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.