Lucene search

JpcertCVELIST:CVE-2023-22357

HistoryJan 17, 2023 - 12:00 a.m.

CVE-2023-22357

2023-01-1700:00:00

jpcert

www.cve.org

vulnerability

omron cp1l-el20dr-d

fins protocol

authentication

remote attacker

memory overwrite

firmware

dos

arbitrary code execution

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.

CNA Affected

[
  {
    "vendor": "OMRON Corporation",
    "product": "CP1L-EL20DR-D",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU97575890/index.html