CVE-2025-0591

Out-of-bounds Read vulnerability in CX-Programmer

Description

Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.

Remediation

Solution:

  • Update your CX-Programmer to the countermeasure version to fix the vulnerability. For information on how to obtain and update the countermeasure version of the product, please contact our sales representative or distributor. You can update CX-One to the latest versions using the installed Omron Automation Software AutoUpdate tool.

Workaround:

  • OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities. 1. Anti-virus protection Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. 2. Security measures to prevent unauthorized access - Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them. - Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network. - Use a virtual private network (VPN) for remote access to control systems and equipment. - Use strong passwords and change them frequently. - Install physical controls so that only authorized personnel can access control systems and equipment. - Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. - Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. 3. Data input and output protection Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. 4. Data recovery Periodical data backup and maintenance to prepare for data loss.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.02%
Affected: OMRON Corporation FA Integrated Tool Package CX-One
Published at:
Updated at:

References

Link Tags
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-003_en.pdf
https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-003_ja.pdf

Frequently Asked Questions

What is the severity of CVE-2025-0591?
CVE-2025-0591 has been scored as a high severity vulnerability.
How to fix CVE-2025-0591?
To fix CVE-2025-0591: Update your CX-Programmer to the countermeasure version to fix the vulnerability. For information on how to obtain and update the countermeasure version of the product, please contact our sales representative or distributor. You can update CX-One to the latest versions using the installed Omron Automation Software AutoUpdate tool.
Is CVE-2025-0591 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-0591 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0591?
CVE-2025-0591 affects OMRON Corporation FA Integrated Tool Package CX-One.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.