CVE-2022-31205

EPSS 0.09%
Published 26.07.2022 22:15:11
Last modified 21.11.2024 07:04:07
Source cve@mitre.org
Teams watchlist Login
Open Login

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Omron ≫ Sysmac Cs1 Firmware Version < 4.1

Omron ≫ Sysmac Cs1 Version-

Omron ≫ Sysmac Cj2m Firmware Version < 2.1

Omron ≫ Sysmac Cj2m Version-

Omron ≫ Sysmac Cj2h Firmware Version < 1.5

Omron ≫ Sysmac Cj2h Version-

Omron ≫ Sysmac Cp1e Firmware Version < 1.30

Omron ≫ Sysmac Cp1e Version-

Omron ≫ Sysmac Cp1h Firmware Version < 1.30

Omron ≫ Sysmac Cp1h Version-

Omron ≫ Sysmac Cp1l Firmware Version < 1.10

Omron ≫ Sysmac Cp1l Version-

Omron ≫ Cp1w-cif41 Firmware Version-

Omron ≫ Cp1w-cif41 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.258

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.forescout.com/blog/

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-31205

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31205

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31205

EUVD