Filtered by vendor Omron
Subscriptions
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7523 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. | ||||
| CVE-2018-7521 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. | ||||
| CVE-2018-7519 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 5.3 Medium |
| In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. | ||||
| CVE-2018-7517 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. | ||||
| CVE-2018-7515 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 5.3 Medium |
| In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets. | ||||
| CVE-2018-7514 | 1 Omron | 7 Cx-flnet, Cx-one, Cx-programmer and 4 more | 2024-11-21 | 7.8 High |
| Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow. | ||||
| CVE-2018-7513 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 5.3 Medium |
| In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. | ||||
| CVE-2018-6624 | 1 Omron | 7 Ns10, Ns12, Ns15 and 4 more | 2024-11-21 | N/A |
| OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. | ||||
| CVE-2018-19027 | 1 Omron | 2 Cx-one, Cx-protocol | 2024-11-21 | N/A |
| Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | ||||
| CVE-2018-19020 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. | ||||
| CVE-2018-19019 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | ||||
| CVE-2018-19018 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | ||||
| CVE-2018-19017 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | ||||
| CVE-2018-19015 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 7.3 High |
| An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. | ||||
| CVE-2018-19013 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | ||||
| CVE-2018-19011 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. | ||||
| CVE-2018-18993 | 1 Omron | 3 Cx-one, Cx-programmer, Cx-server | 2024-11-21 | 7.8 High |
| Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. | ||||
| CVE-2018-18989 | 1 Omron | 3 Cx-one, Cx-programmer, Cx-server | 2024-11-21 | N/A |
| In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | ||||
| CVE-2018-17913 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. | ||||
| CVE-2018-17909 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. | ||||