ID
VAR-202209-0069
CVE
CVE-2022-2979
TITLE
Made by Omron CX-Programmer Freed memory usage in ( use-after-free ) vulnerability
Trust: 0.8
DESCRIPTION
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. Provided by Omron Corporation CX-Programmer freed memory usage ( use-after-free ) vulnerability ( CWE-416 , CVE-2022-2979 ) Exists. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software developed by Japan's Omron Corporation. Omron CX-Programmer
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | omron | model: | cx-programmer | scope: | lt | version: | 9.78 | Trust: 1.0 |
| vendor: | オムロン株式会社 | model: | cx-programmer | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | オムロン株式会社 | model: | cx-programmer | scope: | lt | version: | 9.78 earlier | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.1 |
| problemtype: | Use of freed memory (CWE-416) [ others ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
resource management error
Trust: 0.6
PATCH
| title: | CX-One Version upgrade Program: Support Tool: Omron Omron Corporation | url: | https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html | Trust: 0.8 |
| title: | Omron CX-Programmer Remediation of resource management error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207869 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-2979 | Trust: 3.4 |
| db: | ICS CERT | id: | ICSA-22-242-09 | Trust: 2.6 |
| db: | JVN | id: | JVNVU90019919 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-002344 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202209-737 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-428673 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-2979 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09 | Trust: 2.6 |
| url: | http://jvn.jp/vu/jvnvu90019919/index.html | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-2979 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-2979/ | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-428673 |
| db: | VULMON | id: | CVE-2022-2979 |
| db: | JVNDB | id: | JVNDB-2022-002344 |
| db: | CNNVD | id: | CNNVD-202209-737 |
| db: | NVD | id: | CVE-2022-2979 |
LAST UPDATE DATE
2024-08-14T14:17:43.758000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-428673 | date: | 2022-09-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-002344 | date: | 2024-06-13T03:31:00 |
| db: | CNNVD | id: | CNNVD-202209-737 | date: | 2022-09-16T00:00:00 |
| db: | NVD | id: | CVE-2022-2979 | date: | 2022-09-15T19:27:21.957 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-428673 | date: | 2022-09-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-002344 | date: | 2022-09-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202209-737 | date: | 2022-09-12T00:00:00 |
| db: | NVD | id: | CVE-2022-2979 | date: | 2022-09-12T21:15:10.230 |