Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOmron Cp1l El20dr D
HWOmronwszystkie wersjeOmron Cp1l El20dr D Firmware
OSOmronwszystkie wersje
Related vulnerabilities
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in ...
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is sto...
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18...
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptogr...
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary ...