CVE-2023-22314

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Omron CX-Programmer versions 9.79 and earlier allows attackers to cause information disclosure or arbitrary code execution by tricking users into opening malicious CXP files. This affects all users of vulnerable CX-Programmer software for PLC programming. The vulnerability is distinct from other recent CX-Programmer CVEs.

💻 Affected Systems

Products:
  • Omron CX-Programmer
Versions: Version 9.79 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of vulnerable versions. CXP files are project files used for PLC programming.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining code execution at the user's privilege level, potentially leading to lateral movement, data theft, or industrial control system manipulation.

🟠 Likely Case

Local privilege escalation or system compromise when users open malicious CXP files, potentially affecting PLC programming environments and connected industrial systems.

🟢 If Mitigated

Limited impact with proper user training and file validation controls preventing malicious file execution.

🌐 Internet-Facing: LOW - This requires user interaction with malicious files and is not directly exploitable over network interfaces.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious CXP file. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 9.80 or later

Vendor Advisory: https://www.omron.com/global/en/

Restart Required: Yes

Instructions:

1. Download CX-Programmer version 9.80 or later from Omron's official website.
2. Uninstall the vulnerable version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict CXP file handling (windows)

Configure system to open CXP files only with updated software or in sandboxed environments

User awareness training (all)

Train users to only open CXP files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized software
  • Use sandboxing or virtualization for CX-Programmer execution

🔍 How to Verify

Check if Vulnerable:

Check the CX-Programmer version in Help > About. If the version is 9.79 or earlier, the system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Verify installed version is 9.80 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of CX-Programmer
  • Unusual file access patterns for CXP files

Network Indicators:

  • No direct network indicators - exploitation is file-based

SIEM Query:

Process creation where parent process is CX-Programmer AND command line contains suspicious parameters
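
One way to hunt for the "Unexpected process crashes of CX-Programmer" log indicator on an engineering workstation, as an added example that is not from the vendor or the original page. The executable name is a placeholder you must set yourself; event ID 1000 from the "Application Error" provider is the standard Windows crash record.

```powershell
# Added example: list recent crashes of the CX-Programmer process from the
# Windows Application event log.
# ASSUMPTION: $ImageName is a placeholder. Set it to the CX-Programmer
# executable name as installed on your workstations.
param(
    [string]$ImageName = '<CX-PROGRAMMER-EXE>',
    [int]$Days = 30
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'   # Windows crash reporting source
    Id           = 1000                  # "Faulting application name: ..."
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Event 1000 carries its fields positionally in .Properties:
#   [0] application name   [1] application version
#   [3] faulting module    [6] exception code
#   [7] fault offset       [10] application path
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq $ImageName } |
    ForEach-Object {
        [pscustomobject]@{
            Time          = $_.TimeCreated
            Host          = $_.MachineName
            Application   = $_.Properties[0].Value
            AppVersion    = $_.Properties[1].Value
            FaultModule   = $_.Properties[3].Value
            ExceptionCode = $_.Properties[6].Value
            FaultOffset   = $_.Properties[7].Value
            AppPath       = $_.Properties[10].Value
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

A use-after-free commonly surfaces as an access violation (exception code c0000005), so crashes with that code shortly after a CXP file from an external source was opened deserve a closer look.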
