History: Jan 17, 2023 - 10:15 a.m.

CVE-2023-22357

2023-01-17 10:15:11
jpcert
web.nvd.nist.gov
cve-2023-22357
omron cp1l-el20dr-d
remote code execution
authentication bypass
denial-of-service
arbitrary code execution
nvd

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.003
Percentile: 68.8%

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in the FINS protocol being executed without authentication. A remote unauthenticated attacker may read from or write to arbitrary areas of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.

Affected configurations

Nvd

Node
omron cp1l-el20dr-d_firmware
AND
omron cp1l-el20dr-d (Match: -)

Vendor    Product                   Version    CPE
omron     cp1l-el20dr-d_firmware    *          cpe:2.3:o:omron:cp1l-el20dr-d_firmware:*:*:*:*:*:*:*:*
omron     cp1l-el20dr-d             -          cpe:2.3:h:omron:cp1l-el20dr-d:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "OMRON Corporation",
    "product": "CP1L-EL20DR-D",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ]
  }
]
