CVE-2022-31205

Description

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

Related CPE's

oomronsysmac_cs1_firmware********

homronsysmac_cs1-*******

oomronsysmac_cj2m_firmware********

homronsysmac_cj2m-*******

oomronsysmac_cj2h_firmware********

homronsysmac_cj2h-*******

oomronsysmac_cp1e_firmware********

homronsysmac_cp1e-*******

oomronsysmac_cp1h_firmware********

homronsysmac_cp1h-*******

References

https://www.forescout.com/blog/

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02

Third Party AdvisoryUS Government Resource

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io