ID
VAR-202211-1694
CVE
CVE-2022-43508
TITLE
Made by Omron CX-Programmer Multiple vulnerabilities in
Trust: 0.8
DESCRIPTION
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Provided by Omron Corporation CX-Programmer contains multiple vulnerabilities: * Use of freed memory ( Use-after-free )( CWE-416 ) - CVE-2022-43508 , CVE-2023-22277 , CVE-2023-22317 , CVE-2023-22314 It was * out-of-bounds write ( CWE-787 ) - CVE-2022-43509 It was * stack-based buffer overflow ( CWE-121 ) - CVE-2022-43667 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | omron | model: | cx-programmer | scope: | lte | version: | 9.77 | Trust: 1.0 |
| vendor: | オムロン株式会社 | model: | cx-programmer | scope: | lte | version: | ver.9.77 and earlier - cve-2022-43508 | Trust: 0.8 |
| vendor: | オムロン株式会社 | model: | cx-programmer | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | オムロン株式会社 | model: | cx-programmer | scope: | lte | version: | ver.9.79 and earlier - cve-2023-22277 , cve-2023-22317 , cve-2023-22314 | Trust: 0.8 |
| vendor: | オムロン株式会社 | model: | cx-programmer | scope: | lte | version: | ver.9.78 and earlier - cve-2022-43509 , cve-2022-43667 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.1 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
| problemtype: | Use of freed memory (CWE-416) [ others ] | Trust: 0.8 |
| problemtype: | Out-of-bounds writing (CWE-787) [ others ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
resource management error
Trust: 0.6
PATCH
| title: | Information from Omron Corporation | url: | https://jvn.jp/vu/JVNVU92877622/995504/index.html | Trust: 0.8 |
| title: | Omron CX-Programmer Remediation of resource management error vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=216967 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-43508 | Trust: 3.3 |
| db: | JVN | id: | JVNVU92877622 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2022-002765 | Trust: 1.4 |
| db: | ICS CERT | id: | ICSA-22-356-04 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202211-3543 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-440560 | Trust: 0.1 |
REFERENCES
| url: | https://jvn.jp/vu/jvnvu92877622/index.html | Trust: 2.5 |
| url: | https://jvn.jp/en/vu/jvnvu92877622/index.html | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-43508 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-43509 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-43667 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-22277 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-22314 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-22317 | Trust: 0.8 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-04 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-43508/ | Trust: 0.6 |
| url: | https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002765.html | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-440560 |
| db: | JVNDB | id: | JVNDB-2022-002765 |
| db: | CNNVD | id: | CNNVD-202211-3543 |
| db: | NVD | id: | CVE-2022-43508 |
LAST UPDATE DATE
2024-08-14T14:37:10.145000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-440560 | date: | 2022-12-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-002765 | date: | 2024-04-05T09:14:00 |
| db: | CNNVD | id: | CNNVD-202211-3543 | date: | 2022-12-12T00:00:00 |
| db: | NVD | id: | CVE-2022-43508 | date: | 2022-12-09T01:29:04.687 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-440560 | date: | 2022-12-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-002765 | date: | 2022-11-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-202211-3543 | date: | 2022-11-25T00:00:00 |
| db: | NVD | id: | CVE-2022-43508 | date: | 2022-12-07T04:15:10.790 |