HIGH🇬🇧 English

CVE-2022-31205

CVSS 7.5v3.1pub. 2022-07-26upd. 2024-11-21

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Omron Cp1w Cif41

    HW
    Omron
    wszystkie wersje
  • Omron Cp1w Cif41 Firmware

    OS
    Omron
    wszystkie wersje
  • Omron Sysmac Cj2h

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cj2h Firmware

    OS
    Omron
    < 1.5
  • Omron Sysmac Cj2m

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cj2m Firmware

    OS
    Omron
    < 2.1
  • Omron Sysmac Cp1e

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cp1e Firmware

    OS
    Omron
    < 1.30
  • Omron Sysmac Cp1h

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cp1h Firmware

    OS
    Omron
    < 1.30
  • Omron Sysmac Cp1l

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cp1l Firmware

    OS
    Omron
    < 1.10
  • Omron Sysmac Cs1

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cs1 Firmware

    OS
    Omron
    < 4.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-31207CRITICAL9.8ten sam produkt

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptogr...

CVE-2022-31204HIGH7.5ten sam produkt

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM P...

CVE-2023-27396CRITICAL9.8ten sam vendor

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in ...

CVE-2023-0811CRITICAL9.1ten sam vendor

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is sto...

CVE-2023-22357CRITICAL9.8ten sam vendor

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specifie...

CVE-2022-31205 — HIGH 7.5 | CVEbaza.pl