CVE DATABASE / CVE-2022-31204
CVE-2022-31204
CVSS 7.5 · HIGH
Summary
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
CVSS 3.1 breakdown
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Omron sysmac cs1 firmwareOmron sysmac cs1Omron sysmac cj2m firmwareOmron sysmac cj2mOmron sysmac cj2h firmwareOmron sysmac cj2hOmron sysmac cp1e firmwareOmron sysmac cp1eOmron sysmac cp1h firmwareOmron sysmac cp1hOmron sysmac cp1l firmwareOmron sysmac cp1lOmron cp1w-cif41 firmwareOmron cp1w-cif41Omron cx-programmer
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.