VAR-202401-1097
Vulnerability from variot - Updated: 2024-08-14 13:19The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. cj1g-cpu45p firmware, cj1g-cpu45p-gtc firmware, cj1g-cpu44p Multiple OMRON Corporation products, including firmware, contain a vulnerability related to improper restriction of excessive authentication attempts.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-1097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cj2h-cpu68-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu64",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cs1h-cpu66h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj1g-cpu44p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1d-cpu67s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu34",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1g-cpu44h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2h-cpu68",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu67-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj1g-cpu45p-gtc",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2h-cpu64-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu67",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2m-cpu33",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1h-cpu67h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1d-cpu67p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cs1g-cpu43h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-cpu13",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu12",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu15",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu42s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu44s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu65h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cs1d-cpu65p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cj2h-cpu66-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2m-cpu31",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cp1e-e",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.3"
},
{
"model": "cs1h-cpu65h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cp1e-n",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.3"
},
{
"model": "cj2m-cpu11",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2h-cpu66",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cs1d-cpu67h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.4"
},
{
"model": "cj2m-cpu32",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1d-cpu65s",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2h-cpu65",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cs1h-cpu64h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1h-cpu63h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cs1g-cpu45h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-md211",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2m-cpu35",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cs1g-cpu42h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj1g-cpu42p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-cpu14",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj1g-cpu45p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj1g-cpu43p",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cj2m-md212",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "cj2h-cpu65-eip",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cj2h-cpu64",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu44p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu42p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1e-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu67",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu66-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu43p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu65-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2m-cpu34",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu66",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2m-cpu33",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2m-cpu35",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu45p",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj1g-cpu45p-gtc",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu68-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu65",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu68",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1e-n",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu64-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cj2h-cpu67-eip",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"cve": "CVE-2022-45790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-45790",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ot-cert@dragos.com",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-45790",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-45790",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-45790",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ot-cert@dragos.com",
"id": "CVE-2022-45790",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-45790",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. cj1g-cpu45p firmware, cj1g-cpu45p-gtc firmware, cj1g-cpu44p Multiple OMRON Corporation products, including firmware, contain a vulnerability related to improper restriction of excessive authentication attempts.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45790"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45790",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-23-262-05",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU95526822",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025065",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"id": "VAR-202401-1097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:19:30.059000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05"
},
{
"trust": 1.8,
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
},
{
"trust": 1.8,
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/omsr-2023-010_en.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95526822/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45790"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"date": "2024-01-22T18:15:19.497000",
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T02:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-025065"
},
{
"date": "2024-01-29T16:37:48.967000",
"db": "NVD",
"id": "CVE-2022-45790"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to improper restriction of excessive authentication attempts in multiple OMRON Corporation products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025065"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…