Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 | Third Party Advisory US Government Resource |
https://www.forescout.com/blog/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
History
04 Aug 2022, 14:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Omron sysmac Cp1e Firmware
Omron sysmac Cj2m Firmware Omron sysmac Cs1 Firmware Omron sysmac Cj2h Firmware Omron cx-programmer Omron Omron sysmac Cp1e Omron cp1w-cif41 Firmware Omron sysmac Cs1 Omron sysmac Cp1h Firmware Omron sysmac Cj2h Omron sysmac Cp1l Omron sysmac Cp1h Omron sysmac Cp1l Firmware Omron cp1w-cif41 Omron sysmac Cj2m |
|
CPE | cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:* cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 - Third Party Advisory, US Government Resource | |
References | (MISC) https://www.forescout.com/blog/ - Third Party Advisory | |
CWE | CWE-319 |
26 Jul 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-26 22:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-31204
Mitre link : CVE-2022-31204
CVE.ORG link : CVE-2022-31204
JSON object : View
Products Affected
omron
- sysmac_cj2m_firmware
- sysmac_cj2h_firmware
- sysmac_cj2h
- cp1w-cif41
- sysmac_cp1h_firmware
- sysmac_cj2m
- sysmac_cp1l_firmware
- sysmac_cp1h
- sysmac_cp1l
- cx-programmer
- sysmac_cp1e_firmware
- cp1w-cif41_firmware
- sysmac_cp1e
- sysmac_cs1_firmware
- sysmac_cs1
CWE
CWE-319
Cleartext Transmission of Sensitive Information