Search criteria
4 vulnerabilities found for cp1w-cif41 by omron
VAR-202304-1903
Vulnerability from variot - Updated: 2024-12-25 20:38FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is " FINS header"" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-1903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nj501-r500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad44",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1720",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cj2h-cpu66-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu01-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1w-16er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edr",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ext01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-eip21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "nx102-1220",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts002",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-adb21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-me05m",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-etn21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "nx1p2-1040dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-srt21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edr1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-clk",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1h-xa40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md212",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu31",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu12",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-dam01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu34",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pa3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu13",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts003",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da021",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif12-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc471",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1120",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1340",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4310",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc271",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md211",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1620",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cj2m-cpu15",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu02-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp2e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pd3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1040dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cn811",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu66",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-dab21v",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu14",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu35",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-drm21-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1e-e10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-5300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8ed",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd3",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts004",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts101",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-y20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-fln22",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cj2m-cpu32",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-ncf71",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mab221",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu33",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts102",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad42",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac nx1p \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx7 \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u63a5\u7d9a cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx102 \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"cve": "CVE-2023-27396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-27396",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-27396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-27396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-27396",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is \" FINS header\"\" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "VULMON",
"id": "CVE-2023-27396"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27396",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU91952379",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91000130",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27396",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"id": "VAR-202304-1903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-12-25T20:38:55Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Implemented in multiple Omron products \u00a0FINS\u00a0 Known Issues in Protocol",
"trust": 0.8,
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf"
},
{
"title": "Omron SYSMAC CS/CJ/CP Series Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244012"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [ others ]",
"trust": 0.8
},
{
"problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate verification of data reliability (CWE-345) [ others ]",
"trust": 0.8
},
{
"problemtype": " Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate restrictions on external operations (CWE-412) [ others ]",
"trust": 0.8
},
{
"problemtype": " Improper control of interaction frequency (CWE-799) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.fa.omron.co.jp/product/vulnerability/omsr-2023-003_ja.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.ia.omron.com/product/vulnerability/omsr-2023-003_en.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03"
},
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91000130/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91952379/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27396"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27396/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-001534.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2023-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2023-06-19T05:15:09.187000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2024-05-23T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2024-12-24T17:15:06.360000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS\u00a0 About security issues in the protocol",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
}
}
VAR-202206-2042
Vulnerability from variot - Updated: 2024-08-14 13:01In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several Omron Corporation products, including firmware, contain vulnerabilities related to the storage of important information in plain text.Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sysmac cp1h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2m",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "sysmac cp1e",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac cp1l",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.10"
},
{
"model": "sysmac cs1",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "sysmac cp1h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs1",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2m",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1e",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1w-cif41",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1l",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
}
],
"trust": 0.6
},
"cve": "CVE-2022-31205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31205",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31205",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31205",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31205",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2695",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
},
{
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several Omron Corporation products, including firmware, contain vulnerabilities related to the storage of important information in plain text.Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"db": "VULMON",
"id": "CVE-2022-31205"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31205",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013963",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062925",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2695",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-31205",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
},
{
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"id": "VAR-202206-2042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45
},
"last_update_date": "2024-08-14T13:01:51.374000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203713"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 2.4,
"url": "https://www.forescout.com/blog/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31205"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3140"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062925"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31205/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
},
{
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-31205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
},
{
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"date": "2022-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2695"
},
{
"date": "2022-07-26T22:15:11.357000",
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-13T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-013963"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2695"
},
{
"date": "2023-08-08T14:22:24.967000",
"db": "NVD",
"id": "CVE-2022-31205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to plain text storage of important information in multiple OMRON Corporation products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2695"
}
],
"trust": 0.6
}
}
VAR-202206-2043
Vulnerability from variot - Updated: 2024-08-14 12:35The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several OMRON Corporation products, including firmware, contain vulnerabilities related to digital signature verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sysmac cp1h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2m",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "sysmac cp1e",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac cp1l",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.10"
},
{
"model": "sysmac cs1",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "sysmac cp1h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs1",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2m",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1e",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1w-cif41",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1l",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2700"
}
],
"trust": 0.6
},
"cve": "CVE-2022-31207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31207",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31207",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31207",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-31207",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2700",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2700"
},
{
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several OMRON Corporation products, including firmware, contain vulnerabilities related to digital signature verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"db": "VULMON",
"id": "CVE-2022-31207"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31207",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013961",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062924",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2700",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-31207",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2700"
},
{
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"id": "VAR-202206-2043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45
},
"last_update_date": "2024-08-14T12:35:42.858000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.0
},
{
"problemtype": "Improper verification of digital signatures (CWE-347) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 2.4,
"url": "https://www.forescout.com/blog/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31207"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31207/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3140"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062924"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2700"
},
{
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-31207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2700"
},
{
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"date": "2022-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2700"
},
{
"date": "2022-07-26T22:15:11.440000",
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-13T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-013961"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2700"
},
{
"date": "2022-08-04T15:01:23.993000",
"db": "NVD",
"id": "CVE-2022-31207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2700"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to digital signature verification in multiple OMRON Corporation products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013961"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2700"
}
],
"trust": 0.6
}
}
VAR-202206-2044
Vulnerability from variot - Updated: 2024-08-14 12:15Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several Omron Corporation products, including firmware, contain a vulnerability related to the transmission of sensitive information in plain text.Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sysmac cp1h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2m",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "sysmac cp1e",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac cp1l",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.10"
},
{
"model": "sysmac cs1",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cx-programmer",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "9.6"
},
{
"model": "sysmac cp1h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs1",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2m",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cx-programmer",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1e",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1w-cif41",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1l",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
],
"trust": 0.6
},
"cve": "CVE-2022-31204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31204",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31204",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31204",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31204",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2692",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several Omron Corporation products, including firmware, contain a vulnerability related to the transmission of sensitive information in plain text.Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31204",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062924",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422891",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31204",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"id": "VAR-202206-2044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
}
],
"trust": 0.55
},
"last_update_date": "2024-08-14T12:15:45.578000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203712"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 2.5,
"url": "https://www.forescout.com/blog/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31204"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3140"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062924"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31204/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-422891"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"date": "2022-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"date": "2022-07-26T22:15:11.317000",
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-422891"
},
{
"date": "2023-09-13T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"date": "2022-08-04T14:59:59.737000",
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to sending sensitive information in plain text in multiple OMRON Corporation products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
],
"trust": 0.6
}
}