CVE-2023-38748

Summary

Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.

Affected Software

VendorProductVersion RangeStatus
OMRON CorporationCX-ProgrammerIncluded in CX-One CXONE-AL[][]D-V4 V9.80 and earlieraffected

Weaknesses

  • Use after free

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References