Vulnerabilities in OMRON Corporation

35 results
CVE-2022-33208Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, MachiEPSS 1.6%CVE-2022-21124Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause iEPSS 1.4%CVE-2023-27396CRITICALFINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation)EPSS 1.4%CVE-2023-22357CRITICALActive debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being execuEPSS 1.2%CVE-2022-34151CRITICALUse of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automatEPSS 1.1%CVE-2022-33971HIGHAuthentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, MachiEPSS 1.0%CVE-2022-25230Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause informEPSS 1.0%CVE-2022-25325Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause informEPSS 1.0%CVE-2022-25234Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause iEPSS 1.0%CVE-2022-21219Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause inEPSS 1.0%CVE-2024-27121HIGHPath traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary filEPSS 0.9%CVE-2021-20836Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause informaEPSS 0.8%CVE-2023-38744Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port ofEPSS 0.7%CVE-2024-12083MEDIUMPath Traversal Vulnerabilities in NJ/NX-series Machine Automation ControllersEPSS 0.6%CVE-2022-43667HIGHStack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrEPSS 0.3%CVE-2022-43508HIGHUse-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execEPSS 0.2%CVE-2024-31412HIGHOut-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially craftedEPSS 0.2%CVE-2022-43509HIGHOut-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary codeEPSS 0.2%CVE-2024-31413MEDIUMFree of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD veEPSS 0.2%CVE-2022-46282HIGHUse after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specEPSS 0.2%