Lucene search

DragosCVE-2022-45790

HistoryJan 22, 2024 - 6:15 p.m.

CVE-2022-45790

2024-01-2218:15:19

CWE-307

Dragos

web.nvd.nist.gov

omron fins

protocol

vulnerability

bruteforce attack

authentication

unauthorized access

memory manipulation

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

Affected configurations

Nvd

Node

omroncj1g-cpu45p_firmwareRange<4.1

AND

omroncj1g-cpu45pMatch-

Node

omroncj1g-cpu45p-gtc_firmwareRange<4.1

AND

omroncj1g-cpu45p-gtcMatch-

Node

omroncj1g-cpu44p_firmwareRange<4.1

AND

omroncj1g-cpu44pMatch-

Node

omroncj1g-cpu43p_firmwareRange<4.1

AND

omroncj1g-cpu43pMatch-

Node

omroncj1g-cpu42p_firmwareRange<4.1

AND

omroncj1g-cpu42pMatch-

Node

omroncp1e-e_firmwareRange<1.3

AND

omroncp1e-eMatch-

Node

omroncp1e-n_firmwareRange<1.3

AND

omroncp1e-nMatch-

Node

omroncj2h-cpu68_firmwareRange<1.5

AND

omroncj2h-cpu68Match-

Node

omroncj2h-cpu67_firmwareRange<1.5

AND

omroncj2h-cpu67Match-

Node

omroncj2h-cpu66_firmwareRange<1.5

AND

omroncj2h-cpu66Match-

Node

omroncj2h-cpu65_firmwareRange<1.5

AND

omroncj2h-cpu65Match-

Node

omroncj2h-cpu64_firmwareRange<1.5

AND

omroncj2h-cpu64Match-

Node

omroncj2h-cpu68-eipMatch-

AND

omroncj2h-cpu68-eip_firmwareRange<1.5

Node

omroncj2h-cpu67-eip_firmwareRange<1.5

AND

omroncj2h-cpu67-eipMatch-

Node

omroncj2h-cpu66-eip_firmwareRange<1.5

AND

omroncj2h-cpu66-eipMatch-

Node

omroncj2h-cpu65-eip_firmwareRange<1.5

AND

omroncj2h-cpu65-eipMatch-

Node

omroncj2h-cpu64-eip_firmwareRange<1.5

AND

omroncj2h-cpu64-eipMatch-

Node

omroncj2m-cpu35_firmwareRange<2.1

AND

omroncj2m-cpu35Match-

Node

omroncj2m-cpu34_firmwareRange<2.1

AND

omroncj2m-cpu34Match-

Node

omroncj2m-cpu33_firmwareRange<2.1

AND

omroncj2m-cpu33Match-

Node

omroncj2m-cpu32_firmwareRange<2.1

AND

omroncj2m-cpu32Match-

Node

omroncj2m-cpu31_firmwareRange<2.1

AND

omroncj2m-cpu31Match-

Node

omroncj2m-cpu15_firmwareRange<2.1

AND

omroncj2m-cpu15Match-

Node

omroncj2m-cpu14_firmwareRange<2.1

AND

omroncj2m-cpu14Match-

Node

omroncj2m-cpu13_firmwareRange<2.1

AND

omroncj2m-cpu13Match-

Node

omroncj2m-cpu12_firmwareRange<2.1

AND

omroncj2m-cpu12Match-

Node

omroncj2m-cpu11_firmwareRange<2.1

AND

omroncj2m-cpu11Match-

Node

omroncj2m-md211_firmwareRange<2.1

AND

omroncj2m-md211Match-

Node

omroncj2m-md212_firmwareRange<2.1

AND

omroncj2m-md212Match-

Node

omroncs1d-cpu67s_firmwareRange<2.1

AND

omroncs1d-cpu67sMatch-

Node

omroncs1d-cpu65s_firmwareRange<2.1

AND

omroncs1d-cpu65sMatch-

Node

omroncs1d-cpu44s_firmwareRange<2.1

AND

omroncs1d-cpu44sMatch-

Node

omroncs1d-cpu42s_firmwareRange<2.1

AND

omroncs1d-cpu42sMatch-

Node

omroncs1d-cpu65p_firmwareRange<1.4

AND

omroncs1d-cpu65pMatch-

Node

omroncs1d-cpu67p_firmwareRange<1.4

AND

omroncs1d-cpu67pMatch-

Node

omroncs1d-cpu67h_firmwareRange<1.4

AND

omroncs1d-cpu67hMatch-

Node

omroncs1d-cpu65h_firmwareRange<1.4

AND

omroncs1d-cpu65hMatch-

Node

omroncs1h-cpu67h_firmwareRange<4.1

AND

omroncs1h-cpu67hMatch-

Node

omroncs1h-cpu66h_firmwareRange<4.1

AND

omroncs1h-cpu66hMatch-

Node

omroncs1h-cpu65h_firmwareRange<4.1

AND

omroncs1h-cpu65hMatch-

Node

omroncs1h-cpu64h_firmwareRange<4.1

AND

omroncs1h-cpu64hMatch-

Node

omroncs1h-cpu63h_firmwareRange<4.1

AND

omroncs1h-cpu63hMatch-

Node

omroncs1g-cpu45h_firmwareRange<4.1

AND

omroncs1g-cpu45hMatch-

Node

omroncs1g-cpu44h_firmwareRange<4.1

AND

omroncs1g-cpu44hMatch-

Node

omroncs1g-cpu43h_firmwareRange<4.1

AND

omroncs1g-cpu43hMatch-

Node

omroncs1g-cpu42h_firmwareRange<4.1

AND

omroncs1g-cpu42hMatch-

VendorProductVersionCPE
omroncj1g-cpu45p_firmware*cpe:2.3:o:omron:cj1g-cpu45p_firmware:*:*:*:*:*:*:*:*
omroncj1g-cpu45p-cpe:2.3:h:omron:cj1g-cpu45p:-:*:*:*:*:*:*:*
omroncj1g-cpu45p-gtc_firmware*cpe:2.3:o:omron:cj1g-cpu45p-gtc_firmware:*:*:*:*:*:*:*:*
omroncj1g-cpu45p-gtc-cpe:2.3:h:omron:cj1g-cpu45p-gtc:-:*:*:*:*:*:*:*
omroncj1g-cpu44p_firmware*cpe:2.3:o:omron:cj1g-cpu44p_firmware:*:*:*:*:*:*:*:*
omroncj1g-cpu44p-cpe:2.3:h:omron:cj1g-cpu44p:-:*:*:*:*:*:*:*
omroncj1g-cpu43p_firmware*cpe:2.3:o:omron:cj1g-cpu43p_firmware:*:*:*:*:*:*:*:*
omroncj1g-cpu43p-cpe:2.3:h:omron:cj1g-cpu43p:-:*:*:*:*:*:*:*
omroncj1g-cpu42p_firmware*cpe:2.3:o:omron:cj1g-cpu42p_firmware:*:*:*:*:*:*:*:*
omroncj1g-cpu42p-cpe:2.3:h:omron:cj1g-cpu42p:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
omron	cj1g-cpu45p_firmware	*	cpe:2.3:o:omron:cj1g-cpu45p_firmware::::::::
omron	cj1g-cpu45p	-	cpe:2.3:h:omron:cj1g-cpu45p:-:::::::*
omron	cj1g-cpu45p-gtc_firmware	*	cpe:2.3:o:omron:cj1g-cpu45p-gtc_firmware::::::::
omron	cj1g-cpu45p-gtc	-	cpe:2.3:h:omron:cj1g-cpu45p-gtc:-:::::::*
omron	cj1g-cpu44p_firmware	*	cpe:2.3:o:omron:cj1g-cpu44p_firmware::::::::
omron	cj1g-cpu44p	-	cpe:2.3:h:omron:cj1g-cpu44p:-:::::::*
omron	cj1g-cpu43p_firmware	*	cpe:2.3:o:omron:cj1g-cpu43p_firmware::::::::
omron	cj1g-cpu43p	-	cpe:2.3:h:omron:cj1g-cpu43p:-:::::::*
omron	cj1g-cpu42p_firmware	*	cpe:2.3:o:omron:cj1g-cpu42p_firmware::::::::
omron	cj1g-cpu42p	-	cpe:2.3:h:omron:cj1g-cpu42p:-:::::::*

Rows per page:

1-10 of 921

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CJ-series and CS-series CPU modules",
    "vendor": "Omron",
    "versions": [
      {
        "lessThan": "1.5",
        "status": "affected",
        "version": "CJ2H 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.1",
        "status": "affected",
        "version": "CJ2M 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.1",
        "status": "affected",
        "version": "CJ1G 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.1",
        "status": "affected",
        "version": "CS1H 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.1",
        "status": "affected",
        "version": "CS1G 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "1.4",
        "status": "affected",
        "version": "CS1D-H 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "1.3",
        "status": "affected",
        "version": "CP1E-E 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "1.3",
        "status": "affected",
        "version": "CP1E-N 0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "1.4",
        "status": "affected",
        "version": "CS1D-P 0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/

www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Related for CVE-2022-45790