7.5

CVE-2022-31204

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OmronSysmac Cs1 Firmware Version < 4.1
   OmronSysmac Cs1 Version-
OmronSysmac Cj2m Firmware Version < 2.1
   OmronSysmac Cj2m Version-
OmronSysmac Cj2h Firmware Version < 1.5
   OmronSysmac Cj2h Version-
OmronSysmac Cp1e Firmware Version < 1.30
   OmronSysmac Cp1e Version-
OmronSysmac Cp1h Firmware Version < 1.30
   OmronSysmac Cp1h Version-
OmronSysmac Cp1l Firmware Version < 1.10
   OmronSysmac Cp1l Version-
OmronCp1w-cif41 Firmware Version-
   OmronCp1w-cif41 Version-
OmronCx-programmer Version < 9.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.351
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.forescout.com/blog/
Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02
Third Party Advisory
US Government Resource