PT-2023-4153 · Omron · Cx-Programmer

Michael Heinzl

Published

2023-08-03

Updated

2023-08-08

CVE-2023-38748

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CX-Programmer versions prior to V9.80

Description The issue is related to a use after free vulnerability, which can be exploited by having a user open a specially crafted CXP file. This may lead to information disclosure and/or arbitrary code execution.

Recommendations For versions prior to V9.80, update to a version that contains a fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted CXP files to minimize the risk of exploitation. Restrict access to the CX-Programmer to minimize the risk of exploitation until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2023-04464

CVE-2023-38748

Affected Products

Cx-Programmer

PT-2023-4153 · Omron · Cx-Programmer

CVE-2023-38748

Weakness Enumeration

Related Identifiers

Affected Products

References · 8