HIGH🇬🇧 English

CVE-2023-38744

CVSS 7.5v3.1pub. 2023-08-03upd. 2024-11-21

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Omron Cj1w Eip21

    HW
    Omron
    wszystkie wersje
  • Omron Cj1w Eip21 Firmware

    OS
    Omron
    ≤ 3.04
  • Omron Cj2h Cpu64 Eip

    HW
    Omron
    wszystkie wersje
  • Omron Cj2h Cpu64 Eip Firmware

    OS
    Omron
    ≤ 3.04
  • Omron Cj2h Cpu65 Eip

    HW
    Omron
    wszystkie wersje
  • Omron Cj2h Cpu65 Eip Firmware

    OS
    Omron
    ≤ 3.04
  • Omron Cj2h Cpu66 Eip

    HW
    Omron
    wszystkie wersje
  • Omron Cj2h Cpu66 Eip Firmware

    OS
    Omron
    ≤ 3.04
  • Omron Cj2h Cpu67 Eip

    HW
    Omron
    wszystkie wersje
  • Omron Cj2h Cpu67 Eip Firmware

    OS
    Omron
    ≤ 3.04
  • Omron Cj2h Cpu68 Eip

    HW
    Omron
    wszystkie wersje
  • Omron Cj2h Cpu68 Eip Firmware

    OS
    Omron
    ≤ 3.04
  • Omron Cj2m Cpu31

    HW
    Omron
    wszystkie wersje
  • Omron Cj2m Cpu31 Firmware

    OS
    Omron
    ≤ 2.18
  • Omron Cj2m Cpu32

    HW
    Omron
    wszystkie wersje
  • Omron Cj2m Cpu32 Firmware

    OS
    Omron
    ≤ 2.18
  • Omron Cj2m Cpu33

    HW
    Omron
    wszystkie wersje
  • Omron Cj2m Cpu33 Firmware

    OS
    Omron
    ≤ 2.18
  • Omron Cj2m Cpu34

    HW
    Omron
    wszystkie wersje
  • Omron Cj2m Cpu34 Firmware

    OS
    Omron
    ≤ 2.18
  • Omron Cj2m Cpu35

    HW
    Omron
    wszystkie wersje
  • Omron Cj2m Cpu35 Firmware

    OS
    Omron
    ≤ 2.18
  • Omron Cs1w Eip21

    HW
    Omron
    wszystkie wersje
  • Omron Cs1w Eip21 Firmware

    OS
    Omron
    ≤ 3.04
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-27396CRITICAL9.8ten sam produkt

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in ...

CVE-2022-45790HIGH8.6ten sam produkt

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is su...

CVE-2023-0811CRITICAL9.1ten sam vendor

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is sto...

CVE-2023-22357CRITICAL9.8ten sam vendor

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specifie...

CVE-2022-31207CRITICAL9.8ten sam vendor

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptogr...