CVE-2022-31205

EPSS 0.09%
Veröffentlicht 26.07.2022 22:15:11
Zuletzt bearbeitet 21.11.2024 07:04:07
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Omron ≫ Sysmac Cs1 Firmware Version < 4.1

Omron ≫ Sysmac Cs1 Version-

Omron ≫ Sysmac Cj2m Firmware Version < 2.1

Omron ≫ Sysmac Cj2m Version-

Omron ≫ Sysmac Cj2h Firmware Version < 1.5

Omron ≫ Sysmac Cj2h Version-

Omron ≫ Sysmac Cp1e Firmware Version < 1.30

Omron ≫ Sysmac Cp1e Version-

Omron ≫ Sysmac Cp1h Firmware Version < 1.30

Omron ≫ Sysmac Cp1h Version-

Omron ≫ Sysmac Cp1l Firmware Version < 1.10

Omron ≫ Sysmac Cp1l Version-

Omron ≫ Cp1w-cif41 Firmware Version-

Omron ≫ Cp1w-cif41 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.258

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.forescout.com/blog/

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-31205

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31205

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31205

EUVD