CVE-2022-31204

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.forescout.com/blog/	Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02	Third Party Advisory US Government Resource

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*

Information

Published : 2022-07-26 15:15

Updated : 2022-08-04 07:59

NVD link : CVE-2022-31204

Mitre link : CVE-2022-31204

JSON object : View

CWE

CWE-319

Cleartext Transmission of Sensitive Information

Advertisement

Products Affected

omron

sysmac_cj2h_firmware
sysmac_cs1_firmware
sysmac_cp1e_firmware
cx-programmer
sysmac_cj2m
cp1w-cif41
sysmac_cp1e
sysmac_cs1
sysmac_cp1h
cp1w-cif41_firmware
sysmac_cj2h
sysmac_cp1l
sysmac_cp1l_firmware
sysmac_cp1h_firmware
sysmac_cj2m_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.forescout.com/blog/", "name": "https://www.forescout.com/blog/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-319"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-31204", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-07-26T22:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.5"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.30"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.30"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.10"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-04T14:59Z"}