Improper XML External Entity Handling in OMRON CX-Motion Pro
CVE-2023-22322

5.5MEDIUM

Key Information:

Vendor: Omron Corporation
Status: Cx-motion Pro
Vendor: CVE Published:; 30 January 2023

🔔 Create Omron Corporation Vulnerability Alert

What is CVE-2023-22322?

An improper restriction of XML external entity (XXE) vulnerability has been identified in OMRON CX-Motion Pro versions 1.4.6.013 and earlier. This vulnerability occurs when a user opens a maliciously crafted project file that an attacker has designed, potentially exposing sensitive information stored on the file system where CX-Motion Pro is installed. This risk emphasizes the importance of validating and sanitizing input within software applications to protect against unauthorized access or data leakage.

Affected Version(s)

CX-Motion Pro 1.4.6.013 and earlier

References

https://jvn.jp/en/vu/JVNVU94200979/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Dec 28, 2022