9.1

CVE-2022-45790

EPSS 0.39%
Published 22.01.2024 18:15:19
Last modified 21.11.2024 07:29:43
Source ot-cert@dragos.com
Teams watchlist Login
Open Login

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Omron ≫ Cj1g-cpu45p Firmware Version < 4.1

Omron ≫ Cj1g-cpu45p Version-

Omron ≫ Cj1g-cpu45p-gtc Firmware Version < 4.1

Omron ≫ Cj1g-cpu45p-gtc Version-

Omron ≫ Cj1g-cpu44p Firmware Version < 4.1

Omron ≫ Cj1g-cpu44p Version-

Omron ≫ Cj1g-cpu43p Firmware Version < 4.1

Omron ≫ Cj1g-cpu43p Version-

Omron ≫ Cj1g-cpu42p Firmware Version < 4.1

Omron ≫ Cj1g-cpu42p Version-

Omron ≫ Cp1e-e Firmware Version < 1.3

Omron ≫ Cp1e-e Version-

Omron ≫ Cp1e-n Firmware Version < 1.3

Omron ≫ Cp1e-n Version-

Omron ≫ Cj2h-cpu68 Firmware Version < 1.5

Omron ≫ Cj2h-cpu68 Version-

Omron ≫ Cj2h-cpu67 Firmware Version < 1.5

Omron ≫ Cj2h-cpu67 Version-

Omron ≫ Cj2h-cpu66 Firmware Version < 1.5

Omron ≫ Cj2h-cpu66 Version-

Omron ≫ Cj2h-cpu65 Firmware Version < 1.5

Omron ≫ Cj2h-cpu65 Version-

Omron ≫ Cj2h-cpu64 Firmware Version < 1.5

Omron ≫ Cj2h-cpu64 Version-

Omron ≫ Cj2h-cpu68-eip Firmware Version < 1.5

Omron ≫ Cj2h-cpu68-eip Version-

Omron ≫ Cj2h-cpu67-eip Firmware Version < 1.5

Omron ≫ Cj2h-cpu67-eip Version-

Omron ≫ Cj2h-cpu66-eip Firmware Version < 1.5

Omron ≫ Cj2h-cpu66-eip Version-

Omron ≫ Cj2h-cpu65-eip Firmware Version < 1.5

Omron ≫ Cj2h-cpu65-eip Version-

Omron ≫ Cj2h-cpu64-eip Firmware Version < 1.5

Omron ≫ Cj2h-cpu64-eip Version-

Omron ≫ Cj2m-cpu35 Firmware Version < 2.1

Omron ≫ Cj2m-cpu35 Version-

Omron ≫ Cj2m-cpu34 Firmware Version < 2.1

Omron ≫ Cj2m-cpu34 Version-

Omron ≫ Cj2m-cpu33 Firmware Version < 2.1

Omron ≫ Cj2m-cpu33 Version-

Omron ≫ Cj2m-cpu32 Firmware Version < 2.1

Omron ≫ Cj2m-cpu32 Version-

Omron ≫ Cj2m-cpu31 Firmware Version < 2.1

Omron ≫ Cj2m-cpu31 Version-

Omron ≫ Cj2m-cpu15 Firmware Version < 2.1

Omron ≫ Cj2m-cpu15 Version-

Omron ≫ Cj2m-cpu14 Firmware Version < 2.1

Omron ≫ Cj2m-cpu14 Version-

Omron ≫ Cj2m-cpu13 Firmware Version < 2.1

Omron ≫ Cj2m-cpu13 Version-

Omron ≫ Cj2m-cpu12 Firmware Version < 2.1

Omron ≫ Cj2m-cpu12 Version-

Omron ≫ Cj2m-cpu11 Firmware Version < 2.1

Omron ≫ Cj2m-cpu11 Version-

Omron ≫ Cj2m-md211 Firmware Version < 2.1

Omron ≫ Cj2m-md211 Version-

Omron ≫ Cj2m-md212 Firmware Version < 2.1

Omron ≫ Cj2m-md212 Version-

Omron ≫ Cs1d-cpu67s Firmware Version < 2.1

Omron ≫ Cs1d-cpu67s Version-

Omron ≫ Cs1d-cpu65s Firmware Version < 2.1

Omron ≫ Cs1d-cpu65s Version-

Omron ≫ Cs1d-cpu44s Firmware Version < 2.1

Omron ≫ Cs1d-cpu44s Version-

Omron ≫ Cs1d-cpu42s Firmware Version < 2.1

Omron ≫ Cs1d-cpu42s Version-

Omron ≫ Cs1d-cpu65p Firmware Version < 1.4

Omron ≫ Cs1d-cpu65p Version-

Omron ≫ Cs1d-cpu67p Firmware Version < 1.4

Omron ≫ Cs1d-cpu67p Version-

Omron ≫ Cs1d-cpu67h Firmware Version < 1.4

Omron ≫ Cs1d-cpu67h Version-

Omron ≫ Cs1d-cpu65h Firmware Version < 1.4

Omron ≫ Cs1d-cpu65h Version-

Omron ≫ Cs1h-cpu67h Firmware Version < 4.1

Omron ≫ Cs1h-cpu67h Version-

Omron ≫ Cs1h-cpu66h Firmware Version < 4.1

Omron ≫ Cs1h-cpu66h Version-

Omron ≫ Cs1h-cpu65h Firmware Version < 4.1

Omron ≫ Cs1h-cpu65h Version-

Omron ≫ Cs1h-cpu64h Firmware Version < 4.1

Omron ≫ Cs1h-cpu64h Version-

Omron ≫ Cs1h-cpu63h Firmware Version < 4.1

Omron ≫ Cs1h-cpu63h Version-

Omron ≫ Cs1g-cpu45h Firmware Version < 4.1

Omron ≫ Cs1g-cpu45h Version-

Omron ≫ Cs1g-cpu44h Firmware Version < 4.1

Omron ≫ Cs1g-cpu44h Version-

Omron ≫ Cs1g-cpu43h Firmware Version < 4.1

Omron ≫ Cs1g-cpu43h Version-

Omron ≫ Cs1g-cpu42h Firmware Version < 4.1

Omron ≫ Cs1g-cpu42h Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.57

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
ot-cert@dragos.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/

Third Party Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

Third Party Advisory

US Government Resource

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45790

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45790

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45790

EUVD