CVE-2023-38744

EPSS 0.24%
Published 03.08.2023 05:15:10
Last modified 21.11.2024 08:14:09
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Omron ≫ Cj2m-cpu35 Firmware Version <= 2.18

Omron ≫ Cj2m-cpu35 Version-

Omron ≫ Cj2m-cpu34 Firmware Version <= 2.18

Omron ≫ Cj2m-cpu34 Version-

Omron ≫ Cj2m-cpu33 Firmware Version <= 2.18

Omron ≫ Cj2m-cpu33 Version-

Omron ≫ Cj2m-cpu32 Firmware Version <= 2.18

Omron ≫ Cj2m-cpu32 Version-

Omron ≫ Cj2m-cpu31 Firmware Version <= 2.18

Omron ≫ Cj2m-cpu31 Version-

Omron ≫ Cj2h-cpu68-eip Firmware Version <= 3.04

Omron ≫ Cj2h-cpu68-eip Version-

Omron ≫ Cj2h-cpu67-eip Firmware Version <= 3.04

Omron ≫ Cj2h-cpu67-eip Version-

Omron ≫ Cj2h-cpu66-eip Firmware Version <= 3.04

Omron ≫ Cj2h-cpu66-eip Version-

Omron ≫ Cj2h-cpu65-eip Firmware Version <= 3.04

Omron ≫ Cj2h-cpu65-eip Version-

Omron ≫ Cj2h-cpu64-eip Firmware Version <= 3.04

Omron ≫ Cj2h-cpu64-eip Version-

Omron ≫ Cs1w-eip21 Firmware Version <= 3.04

Omron ≫ Cs1w-eip21 Version-

Omron ≫ Cj1w-eip21 Firmware Version <= 3.04

Omron ≫ Cj1w-eip21 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.467

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://jvn.jp/en/vu/JVNVU92193064/

Third Party Advisory

https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38744

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38744

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38744

EUVD