Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.
Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.
A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object.
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.
In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result.
| CVE ID ⇅ | Severity ↓ | Description | |
|---|---|---|---|
| CVE-2000-0704 | HIGH | Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via… | › |
| CVE-2020-27261 | HIGH | The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may al… | › |
| CVE-2020-27259 | HIGH | The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memor… | › |
| CVE-2019-18251 | HIGH | In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Versi… | › |
| CVE-2022-45790 | HIGH | The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentica… | › |
| CVE-2019-13533 | HIGH | In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monit… | › |
| CVE-2022-3398 | HIGH | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attac… | › |
| CVE-2022-3397 | HIGH | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attac… | › |
| CVE-2022-3396 | HIGH | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attac… | › |
| CVE-2022-26419 | HIGH | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow c… | › |
| CVE-2022-26417 | HIGH | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition whil… | › |
| CVE-2022-26022 | HIGH | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processin… | › |
| CVE-2022-25959 | HIGH | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a s… | › |
| CVE-2022-21137 | HIGH | Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processin… | › |
| CVE-2021-27413 | HIGH | Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerabl… | › |
| CVE-2020-27257 | HIGH | This vulnerability allows local attackers to execute arbitrary code due to the lack of proper valida… | › |
| CVE-2018-17913 | HIGH | A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions … | › |
| CVE-2018-17909 | HIGH | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fai… | › |
| CVE-2018-17905 | HIGH | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a… | › |
| CVE-2018-8834 | HIGH | Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following app… | › |
| CVE-2018-7530 | HIGH | Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following app… | › |
| CVE-2018-7514 | HIGH | Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following app… | › |
| CVE-2022-31205 | HIGH | In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the… | › |
| CVE-2022-31204 | HIGH | Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feat… | › |
| CVE-2022-33971 | HIGH | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 se… | › |
| CVE-2020-6986 | HIGH | In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets withi… | › |