Search
Find a vulnerability
Search criteria
3 vulnerabilities found for cj2h-cpu65-eip by omron
VAR-202304-1903
Vulnerability from variot - Updated: 2024-12-25 20:38FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is " FINS header"" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-1903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nj501-r500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad44",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1720",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cj2h-cpu66-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu01-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1w-16er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edr",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ext01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-eip21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "nx102-1220",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts002",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-adb21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-me05m",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-etn21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "nx1p2-1040dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-srt21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edr1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-clk",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1h-xa40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md212",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu31",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu12",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-dam01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu34",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pa3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu13",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts003",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da021",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif12-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc471",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1120",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1340",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4310",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc271",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md211",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1620",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cj2m-cpu15",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu02-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp2e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pd3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1040dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cn811",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu66",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-dab21v",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu14",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu35",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-drm21-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1e-e10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-5300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8ed",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd3",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts004",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts101",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-y20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-fln22",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cj2m-cpu32",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-ncf71",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mab221",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu33",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts102",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad42",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac nx1p \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx7 \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u63a5\u7d9a cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx102 \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"cve": "CVE-2023-27396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-27396",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-27396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-27396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-27396",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is \" FINS header\"\" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "VULMON",
"id": "CVE-2023-27396"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27396",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU91952379",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91000130",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27396",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"id": "VAR-202304-1903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-12-25T20:38:55Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Implemented in multiple Omron products \u00a0FINS\u00a0 Known Issues in Protocol",
"trust": 0.8,
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf"
},
{
"title": "Omron SYSMAC CS/CJ/CP Series Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244012"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [ others ]",
"trust": 0.8
},
{
"problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate verification of data reliability (CWE-345) [ others ]",
"trust": 0.8
},
{
"problemtype": " Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate restrictions on external operations (CWE-412) [ others ]",
"trust": 0.8
},
{
"problemtype": " Improper control of interaction frequency (CWE-799) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.fa.omron.co.jp/product/vulnerability/omsr-2023-003_ja.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.ia.omron.com/product/vulnerability/omsr-2023-003_en.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03"
},
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91000130/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91952379/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27396"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27396/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-001534.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2023-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2023-06-19T05:15:09.187000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2024-05-23T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2024-12-24T17:15:06.360000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS\u00a0 About security issues in the protocol",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
}
}
VAR-202308-0463
Vulnerability from variot - Updated: 2024-10-18 03:59Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. This vulnerability information is provided by the developer for the purpose of dissemination to product users. (DoS) may become a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-0463",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cj2m-cpu31",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "2.18"
},
{
"model": "cj2m-cpu34",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "2.18"
},
{
"model": "cj2m-cpu32",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "2.18"
},
{
"model": "cs1w-eip21",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "3.04"
},
{
"model": "cj2h-cpu68-eip",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "3.04"
},
{
"model": "cj2h-cpu66-eip",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "3.04"
},
{
"model": "cj2h-cpu67-eip",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "3.04"
},
{
"model": "cj2h-cpu65-eip",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "3.04"
},
{
"model": "cj2h-cpu64-eip",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "3.04"
},
{
"model": "cj2m-cpu35",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "2.18"
},
{
"model": "cj1w-eip21",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "3.04"
},
{
"model": "cj2m-cpu33",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "2.18"
},
{
"model": "cj2m-cpu3\u25a1",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cs1w-eip21",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu6\u25a1-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1w-eip21",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"cve": "CVE-2023-38744",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-38744",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-002787",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-38744",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002787",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. This vulnerability information is provided by the developer for the purpose of dissemination to product users. (DoS) may become a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38744"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"db": "VULMON",
"id": "CVE-2023-38744"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92193064",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-38744",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002787",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-38744",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-38744"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"id": "VAR-202308-0463",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-10-18T03:59:15.488000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CJ\u00a0 series \u00a0CJ2\u00a0CPU built in unit \u00a0EtherNet/IP\u00a0 port, and \u00a0CS/CJ\u00a0 series \u00a0EtherNet/IP\u00a0 unit out of service \u00a0(DoS)\u00a0 State Vulnerability",
"trust": 0.8,
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-006_ja.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1284",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Improper validation for input of specified type (CWE-1287) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://www.ia.omron.com/product/vulnerability/omsr-2023-006_en.pdf"
},
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu92193064/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92193064/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-38744"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-38744"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-38744"
},
{
"date": "2023-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"date": "2023-08-03T05:15:10.417000",
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-38744"
},
{
"date": "2023-08-02T08:46:00",
"db": "JVNDB",
"id": "JVNDB-2023-002787"
},
{
"date": "2024-10-17T16:35:07.460000",
"db": "NVD",
"id": "CVE-2023-38744"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Omron \u00a0CJ\u00a0 Series and \u00a0CS/CJ\u00a0 Of the series \u00a0EtherNet/IP\u00a0 Denial of service in units \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002787"
}
],
"trust": 0.8
}
}
VAR-202401-1097
Vulnerability from variot - Updated: 2024-08-14 13:19The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. cj1g-cpu45p firmware, cj1g-cpu45p-gtc firmware, cj1g-cpu44p Multiple OMRON Corporation products, including firmware, contain a vulnerability related to improper restriction of excessive authentication attempts.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-1097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cj2h-cpu68-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu64",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cs1h-cpu66h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj1g-cpu44p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1d-cpu67s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu34",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1g-cpu44h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2h-cpu68",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu67-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj1g-cpu45p-gtc",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2h-cpu64-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu67",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2m-cpu33",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1h-cpu67h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1d-cpu67p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cs1g-cpu43h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-cpu13",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu12",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu15",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu42s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu44s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu65h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cs1d-cpu65p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cj2h-cpu66-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2m-cpu31",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cp1e-e",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.3"
},
{
"model": "cs1h-cpu65h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cp1e-n",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.3"
},
{
"model": "cj2m-cpu11",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2h-cpu66",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cs1d-cpu67h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cj2m-cpu32",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu65s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2h-cpu65",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cs1h-cpu64h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1h-cpu63h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1g-cpu45h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-md211",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu35",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1g-cpu42h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj1g-cpu42p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-cpu14",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj1g-cpu45p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj1g-cpu43p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-md212",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2h-cpu65-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu64",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu44p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu42p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1e-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu67",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu66-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu43p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu65-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2m-cpu34",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu66",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2m-cpu33",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2m-cpu35",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu45p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu45p-gtc",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu68-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu65",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu68",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1e-n",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu64-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu67-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"cve": "CVE-2022-45790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-45790",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ot-cert@dragos.com",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-45790",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-45790",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-45790",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ot-cert@dragos.com",
"id": "CVE-2022-45790",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-45790",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. cj1g-cpu45p firmware, cj1g-cpu45p-gtc firmware, cj1g-cpu44p Multiple OMRON Corporation products, including firmware, contain a vulnerability related to improper restriction of excessive authentication attempts.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45790"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45790",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-23-262-05",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU95526822",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025065",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"id": "VAR-202401-1097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:19:30.059000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05"
},
{
"trust": 1.8,
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
},
{
"trust": 1.8,
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/omsr-2023-010_en.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95526822/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45790"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"date": "2024-01-22T18:15:19.497000",
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T02:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"date": "2024-01-29T16:37:48.967000",
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to improper restriction of excessive authentication attempts in multiple OMRON Corporation products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
}
],
"trust": 0.8
}
}