Use After Free Vulnerability in CX-Programmer by Rockwell Automation
CVE-2023-22314

7.8 HIGH

Key Information:

Vendor
CVE Published: 3 August 2023

What is CVE-2023-22314?

A use-after-free vulnerability has been identified in CX-Programmer versions prior to 9.79. An attacker can exploit it by having a user open a specially crafted CXP file. If successfully triggered, it can lead to significant information disclosure and may facilitate arbitrary code execution on the affected system. Users should upgrade to the latest version to mitigate the risk.

Affected Version(s)

CX-Programmer Ver.9.79 and earlier

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
