Published:2023/01/11 Last Updated:2023/01/11
JVNVU#91744508
Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH
Overview
OMRON CX-Motion-MCH contains an access of uninitialized pointer vulnerability.
Products Affected
- CX-Motion-MCH v2.32 and earlier
Description
CX-Motion-MCH provided by OMRON Corporation contains an access of uninitialized pointer vulnerability (CWE-824, CVE-2023-22366).
Impact
Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer provides the below version that contains a fix for this vulnerability through its CX-Motion-MCH Auto-Update service.
- CX-Motion-MCH v2.33
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-22366 |
| JVN iPedia |
|