Stephen Dunlap

**Name of the Vulnerable Software and Affected Versions** Omron CX-One CX-Programmer versions prior to 9.6 **Description** The issue is related to the reversible format used for password storage in project source-code files. This makes it easier for local users to obtain sensitive information by reading a file. The vulnerability can be exploited by a remote attacker to gain access to the controller by reading the source code of the program control files using the `Transfer To File` function. **Recommendations** For Omron CX-One CX-Programmer versions prior to 9.6, update to version 9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to project source-code files to minimize the risk of exploitation. Avoid using the reversible password storage format until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Omron CX-One CX-Programmer versions prior to 9.6 Omron CJ2M PLC devices versions prior to 2.1 Omron CJ2H PLC devices versions prior to 1.5 **Description** The issue is related to the transmission of passwords in cleartext, which can be exploited by a remote attacker to obtain sensitive information by sniffing the network traffic during the authentication process. This can allow an attacker to intercept passwords, potentially leading to unauthorized access. **Recommendations** For Omron CX-One CX-Programmer versions prior to 9.6, update to version 9.6 or later to resolve the issue. For Omron CJ2M PLC devices versions prior to 2.1, update to version 2.1 or later to resolve the issue. For Omron CJ2H PLC devices versions prior to 1.5, update to version 1.5 or later to resolve the issue.