CVE-2022-31204
CVSS V2 None
CVSS V3 High 7.5
Description
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
Overview
- CVE ID
- CVE-2022-31204
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-07-26T22:15:11
- Last Modified Date
- 2022-08-04T14:59:59
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:* | 1 | OR | 4.1 | |
| cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:* | 1 | OR | 2.1 | |
| cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.5 | |
| cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.30 | |
| cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.30 | |
| cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.10 | |
| cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:* | 1 | OR | 9.6 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://www.forescout.com/blog/ | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31204 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31204 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-07-26 23:00:26 | Added to TrackCVE |