In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 | Third Party Advisory US Government Resource |
https://www.forescout.com/blog/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 |
04 Aug 2022, 15:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Omron cp1w-cif41
Omron sysmac Cp1e Firmware Omron Omron sysmac Cj2m Firmware Omron sysmac Cp1l Omron sysmac Cs1 Firmware Omron sysmac Cp1h Omron sysmac Cj2h Firmware Omron sysmac Cp1l Firmware Omron sysmac Cp1e Omron cp1w-cif41 Firmware Omron sysmac Cj2m Omron sysmac Cp1h Firmware Omron sysmac Cs1 Omron sysmac Cj2h |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-522 | |
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 - Third Party Advisory, US Government Resource | |
References | (MISC) https://www.forescout.com/blog/ - Third Party Advisory | |
CPE | cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:* cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:* cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:* |
26 Jul 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-26 22:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-31205
Mitre link : CVE-2022-31205
CVE.ORG link : CVE-2022-31205
JSON object : View
Products Affected
omron
- sysmac_cj2h
- sysmac_cp1h_firmware
- sysmac_cj2m_firmware
- sysmac_cp1h
- sysmac_cp1l
- sysmac_cp1l_firmware
- sysmac_cs1
- sysmac_cp1e
- sysmac_cj2h_firmware
- sysmac_cp1e_firmware
- cp1w-cif41_firmware
- cp1w-cif41
- sysmac_cs1_firmware
- sysmac_cj2m
CWE
CWE-312
Cleartext Storage of Sensitive Information