CVE-2023-38746

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 3, 2023

Updated: Aug 8, 2023

CWE ID 125

Summary

CVE-2023-38746 is a newly disclosed vulnerability affecting CX-Programmer, a component of CX-One CXONE-AL[][]D-V4 V9.80 and earlier. This out-of-bounds read issue allows a user, upon opening a maliciously crafted CXP file, to potentially gain unauthorized access to sensitive information or execute arbitrary code, posing a significant security risk. The vulnerability can be exploited through a specially designed CXP file, making it essential for users to install patches or updates as soon as they become available to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OMRON CX-Programmer

Affected Vendors

Omron Foundation Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG3CIQ
https://www.cve.org/CVERecord?id=CVE-2023-38746
https://nvd.nist.gov/vuln/detail/CVE-2023-38746

Back to Vulnerability Database