CVE-2022-31205

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.forescout.com/blog/	Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02	Third Party Advisory US Government Resource

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*

Information

Published : 2022-07-26 15:15

Updated : 2022-08-04 08:00

NVD link : CVE-2022-31205

Mitre link : CVE-2022-31205

JSON object : View

CWE

CWE-522

Insufficiently Protected Credentials

Advertisement

Products Affected

omron

sysmac_cj2h_firmware
sysmac_cs1_firmware
sysmac_cp1e_firmware
sysmac_cj2m
cp1w-cif41
sysmac_cp1e
sysmac_cs1
sysmac_cp1h
cp1w-cif41_firmware
sysmac_cj2h
sysmac_cp1l
sysmac_cp1l_firmware
sysmac_cp1h_firmware
sysmac_cj2m_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.forescout.com/blog/", "name": "https://www.forescout.com/blog/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-522"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-31205", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-07-26T22:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.5"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.30"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.30"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.10"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-04T15:00Z"}