CRITICAL🇬🇧 English

CVE-2023-22357

CVSS 9.8v3.1pub. 2023-01-17upd. 2025-04-04

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Omron Cp1l El20dr D

    HW
    Omron
    wszystkie wersje
  • Omron Cp1l El20dr D Firmware

    OS
    Omron
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-27396CRITICAL9.8ten sam vendor

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in ...

CVE-2023-0811CRITICAL9.1ten sam vendor

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is sto...

CVE-2022-31206CRITICAL9.8ten sam vendor

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18...

CVE-2022-31207CRITICAL9.8ten sam vendor

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptogr...

CVE-2019-18259CRITICAL9.8ten sam vendor

In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary ...