CVE-2022-31205

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 Third Party Advisory US Government Resource
https://www.forescout.com/blog/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*
History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-522 CWE-312

04 Aug 2022, 15:00

Type Values Removed Values Added
First Time Omron cp1w-cif41
Omron sysmac Cp1e Firmware
Omron
Omron sysmac Cj2m Firmware
Omron sysmac Cp1l
Omron sysmac Cs1 Firmware
Omron sysmac Cp1h
Omron sysmac Cj2h Firmware
Omron sysmac Cp1l Firmware
Omron sysmac Cp1e
Omron cp1w-cif41 Firmware
Omron sysmac Cj2m
Omron sysmac Cp1h Firmware
Omron sysmac Cs1
Omron sysmac Cj2h
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-522
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 - Third Party Advisory, US Government Resource
References (MISC) https://www.forescout.com/blog/ - (MISC) https://www.forescout.com/blog/ - Third Party Advisory
CPE cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*

26 Jul 2022, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-07-26 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-31205

Mitre link : CVE-2022-31205

CVE.ORG link : CVE-2022-31205

JSON object : View

Products Affected

omron

  • sysmac_cj2h
  • sysmac_cp1h_firmware
  • sysmac_cj2m_firmware
  • sysmac_cp1h
  • sysmac_cp1l
  • sysmac_cp1l_firmware
  • sysmac_cs1
  • sysmac_cp1e
  • sysmac_cj2h_firmware
  • sysmac_cp1e_firmware
  • cp1w-cif41_firmware
  • cp1w-cif41
  • sysmac_cs1_firmware
  • sysmac_cj2m
CWE
CWE-312

Cleartext Storage of Sensitive Information