HIGH🇬🇧 English

CVE-2022-31204

CVSS 7.5v3.1pub. 2022-07-26upd. 2024-11-21

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Omron Cp1w Cif41

    HW
    Omron
    wszystkie wersje
  • Omron Cp1w Cif41 Firmware

    OS
    Omron
    wszystkie wersje
  • Omron Cx Programmer

    APP
    Omron
    < 9.6
  • Omron Sysmac Cj2h

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cj2h Firmware

    OS
    Omron
    < 1.5
  • Omron Sysmac Cj2m

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cj2m Firmware

    OS
    Omron
    < 2.1
  • Omron Sysmac Cp1e

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cp1e Firmware

    OS
    Omron
    < 1.30
  • Omron Sysmac Cp1h

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cp1h Firmware

    OS
    Omron
    < 1.30
  • Omron Sysmac Cp1l

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cp1l Firmware

    OS
    Omron
    < 1.10
  • Omron Sysmac Cs1

    HW
    Omron
    wszystkie wersje
  • Omron Sysmac Cs1 Firmware

    OS
    Omron
    < 4.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-31207CRITICAL9.8ten sam produkt

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptogr...

CVE-2015-0987CRITICAL10.0ten sam produkt

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cl...

CVE-2023-22314HIGH7.8ten sam produkt

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially c...

CVE-2023-22277HIGH7.8ten sam produkt

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially c...

CVE-2023-22317HIGH7.8ten sam produkt

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially c...