Published: 2023/01/11  Last Updated: 2023/01/11

JVNVU#91744508
Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH

Overview

OMRON CX-Motion-MCH contains an access of uninitialized pointer vulnerability.

Products Affected

  • CX-Motion-MCH v2.32 and earlier

Description

CX-Motion-MCH provided by OMRON Corporation contains an access of uninitialized pointer vulnerability (CWE-824, CVE-2023-22366).

Impact

If a user opens a specially crafted project file, information disclosure and/or arbitrary code execution may result.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer provides the following version, which contains a fix for this vulnerability, through its CX-Motion-MCH Auto-Update service.

  • CX-Motion-MCH v2.33

Vendor Status

Vendor             Status      Last Update  Vendor Notes
OMRON Corporation  Vulnerable  2023/01/11

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

CVE: CVE-2023-22366