Search criteria
3 vulnerabilities found for nj101-1000 by omron
VAR-202304-1903
Vulnerability from variot - Updated: 2024-12-25 20:38FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is " FINS header"" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-1903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nj501-r500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad44",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1720",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cj2h-cpu66-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu01-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1w-16er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edr",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ext01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-eip21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "nx102-1220",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts002",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-adb21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-me05m",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-etn21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "nx1p2-1040dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-srt21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edr1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-clk",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1h-xa40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md212",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu31",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu12",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-dam01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu34",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pa3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu13",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts003",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da021",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif12-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc471",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1120",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1340",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4310",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc271",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md211",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1620",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cj2m-cpu15",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu02-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp2e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pd3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1040dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cn811",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu66",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-dab21v",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu14",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu35",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-drm21-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1e-e10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-5300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8ed",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd3",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts004",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts101",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-y20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-fln22",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cj2m-cpu32",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-ncf71",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mab221",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu33",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts102",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad42",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac nx1p \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx7 \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u63a5\u7d9a cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx102 \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"cve": "CVE-2023-27396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-27396",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-27396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-27396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-27396",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is \" FINS header\"\" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "VULMON",
"id": "CVE-2023-27396"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27396",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU91952379",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91000130",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27396",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"id": "VAR-202304-1903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-12-25T20:38:55Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Implemented in multiple Omron products \u00a0FINS\u00a0 Known Issues in Protocol",
"trust": 0.8,
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf"
},
{
"title": "Omron SYSMAC CS/CJ/CP Series Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244012"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [ others ]",
"trust": 0.8
},
{
"problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate verification of data reliability (CWE-345) [ others ]",
"trust": 0.8
},
{
"problemtype": " Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate restrictions on external operations (CWE-412) [ others ]",
"trust": 0.8
},
{
"problemtype": " Improper control of interaction frequency (CWE-799) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.fa.omron.co.jp/product/vulnerability/omsr-2023-003_ja.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.ia.omron.com/product/vulnerability/omsr-2023-003_en.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03"
},
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91000130/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91952379/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27396"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27396/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-001534.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2023-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2023-06-19T05:15:09.187000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2024-05-23T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2024-12-24T17:15:06.360000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS\u00a0 About security issues in the protocol",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
}
}
VAR-202207-0037
Vulnerability from variot - Updated: 2024-08-14 14:49Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-34151 It was * Applicable controller products and automation software Sysmac Studio unauthorized access to the controller product by a third party who can analyze the communication between the controller and the programmable terminal. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. Omron Machine automation controller NX7 series, etc. are all products of Japan's Omron (Omron). Omron Machine automation controller NX7 series is a series of machine automation controllers. Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx1w-cif01",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-5300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1140dt",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-1520",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-1600",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nj501-r520",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4500",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1000",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-1500",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r420",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-15w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nj501-1420",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj-pd3001",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-1020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-9024dt1",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-9000",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-z600",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx102-1200",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-1300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "sysmac studio",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.49"
},
{
"model": "nj501-1320",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r500",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4310",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1100",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-7w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nj501-140",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-12w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nx102-1020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj301-1100",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-1000",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-mab221",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-1720",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx701-z700",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx701-1620",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx1w-cif12",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1040dt1",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-9020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj301-1200",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj-pa3001",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-adb21",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4400",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1220",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-9024dt",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-cif11",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4320",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-9020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1040dt",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-9w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nj501-1340",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1120",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r400",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1140dt1",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r320",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-dab21v",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-1700",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 sysmac studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30bf\u30fc\u30df\u30ca\u30eb na \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nx \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nj \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"cve": "CVE-2022-34151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-34151",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426451",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-34151",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-002691",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34151",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002691",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-356",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426451",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-34151",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426451"
},
{
"db": "VULMON",
"id": "CVE-2022-34151"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-356"
},
{
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software \u0027Sysmac Studio\u0027 all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-34151 It was * Applicable controller products and automation software Sysmac Studio unauthorized access to the controller product by a third party who can analyze the communication between the controller and the programmable terminal. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. Omron Machine automation controller NX7 series, etc. are all products of Japan\u0027s Omron (Omron). Omron Machine automation controller NX7 series is a series of machine automation controllers. Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34151"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "VULHUB",
"id": "VHN-426451"
},
{
"db": "VULMON",
"id": "CVE-2022-34151"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34151",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU97050784",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691",
"trust": 1.4
},
{
"db": "USCERT",
"id": "AA22-103A",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-356",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022070405",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426451",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34151",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426451"
},
{
"db": "VULMON",
"id": "CVE-2022-34151"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-356"
},
{
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"id": "VAR-202207-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426451"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:49:43.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "machine automation controller \u00a0NJ/NX\u00a0 Authentication Bypass Vulnerability in Communication Function of Series Omron Corporation",
"trust": 0.8,
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2022-001_ja.pdf"
},
{
"title": "Multiple Omron Repair measures for product trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200206"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-356"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
"trust": 0.8
},
{
"problemtype": " debug code in active state (CWE-489) [ others ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
"trust": 0.8
},
{
"problemtype": "CWE-294",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426451"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://jvn.jp/en/vu/jvnvu97050784/index.html"
},
{
"trust": 1.8,
"url": "https://www.ia.omron.com/product/vulnerability/omsr-2022-001_en.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97050784/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34151"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33208"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33971"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34151/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070405"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002691.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/294.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426451"
},
{
"db": "VULMON",
"id": "CVE-2022-34151"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-356"
},
{
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426451"
},
{
"db": "VULMON",
"id": "CVE-2022-34151"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-356"
},
{
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-426451"
},
{
"date": "2022-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34151"
},
{
"date": "2022-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-356"
},
{
"date": "2022-07-04T02:15:07.727000",
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-426451"
},
{
"date": "2022-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34151"
},
{
"date": "2022-11-09T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"date": "2022-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-356"
},
{
"date": "2023-08-08T14:22:24.967000",
"db": "NVD",
"id": "CVE-2022-34151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-356"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple Omron products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-356"
}
],
"trust": 0.6
}
}
VAR-202207-0036
Vulnerability from variot - Updated: 2024-08-14 14:49Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. are all products of Japan's Omron (Omron). A remote attacker could exploit this vulnerability to bypass the authentication process
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx1w-cif01",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-5300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1140dt",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-1520",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-1600",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nj501-r520",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4500",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1000",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-1500",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r420",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-15w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nj501-1420",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj-pd3001",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-1020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-9024dt1",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-9000",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-z600",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx102-1200",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-1300",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "sysmac studio",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.49"
},
{
"model": "nj501-1320",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r500",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4310",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1100",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-7w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nj501-140",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-12w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nx102-1020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj301-1100",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-1000",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-mab221",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-1720",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx701-z700",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx701-1620",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "nx1w-cif12",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1040dt1",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj101-9020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj301-1200",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj-pa3001",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-adb21",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4400",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1220",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-9024dt",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-cif11",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-4320",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-9020",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1040dt",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "na5-9w",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.15"
},
{
"model": "nj501-1340",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx102-1120",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r400",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1p2-1140dt1",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nj501-r320",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx1w-dab21v",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.48"
},
{
"model": "nx701-1700",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.28"
},
{
"model": "\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 sysmac studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30bf\u30fc\u30df\u30ca\u30eb na \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nx \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nj \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"cve": "CVE-2022-33208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-33208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426449",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-33208",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002691",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33208",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002691",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-355",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426449",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-33208",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426449"
},
{
"db": "VULMON",
"id": "CVE-2022-33208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-355"
},
{
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software \u0027Sysmac Studio\u0027 all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software \u0027Sysmac Studio\u0027 and/or a Programmable Terminal (PT) to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. are all products of Japan\u0027s Omron (Omron). A remote attacker could exploit this vulnerability to bypass the authentication process",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "VULHUB",
"id": "VHN-426449"
},
{
"db": "VULMON",
"id": "CVE-2022-33208"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33208",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU97050784",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691",
"trust": 1.4
},
{
"db": "USCERT",
"id": "AA22-103A",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-355",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022070405",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426449",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-33208",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426449"
},
{
"db": "VULMON",
"id": "CVE-2022-33208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-355"
},
{
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"id": "VAR-202207-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426449"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:49:43.088000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "machine automation controller \u00a0NJ/NX\u00a0 Authentication Bypass Vulnerability in Communication Function of Series Omron Corporation",
"trust": 0.8,
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2022-001_ja.pdf"
},
{
"title": "Multiple Omron Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200205"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-355"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-294",
"trust": 1.1
},
{
"problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
"trust": 0.8
},
{
"problemtype": " debug code in active state (CWE-489) [ others ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426449"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://jvn.jp/en/vu/jvnvu97050784/index.html"
},
{
"trust": 1.8,
"url": "https://www.ia.omron.com/product/vulnerability/omsr-2022-001_en.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97050784/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34151"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33208"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33971"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070405"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33208/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002691.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/294.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426449"
},
{
"db": "VULMON",
"id": "CVE-2022-33208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-355"
},
{
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426449"
},
{
"db": "VULMON",
"id": "CVE-2022-33208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-355"
},
{
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-426449"
},
{
"date": "2022-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33208"
},
{
"date": "2022-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-355"
},
{
"date": "2022-07-04T02:15:07.570000",
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-426449"
},
{
"date": "2022-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33208"
},
{
"date": "2022-11-09T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2022-002691"
},
{
"date": "2022-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-355"
},
{
"date": "2022-07-15T17:06:55.383000",
"db": "NVD",
"id": "CVE-2022-33208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple Omron products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002691"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-355"
}
],
"trust": 0.6
}
}