CVE-2015-0988

Name of the Vulnerable Software and Affected Versions Omron CX-One CX-Programmer versions prior to 9.6

Description The issue is related to the reversible format used for password storage in project source-code files. This makes it easier for local users to obtain sensitive information by reading a file. The vulnerability can be exploited by a remote attacker to gain access to the controller by reading the source code of the program control files using the Transfer To File function.

Recommendations For Omron CX-One CX-Programmer versions prior to 9.6, update to version 9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to project source-code files to minimize the risk of exploitation. Avoid using the reversible password storage format until the issue is resolved.