CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33687
https://notcve.org/view.php?id=CVE-2024-33687
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. • https://jvn.jp/en/vu/JVNVU92504444 https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-004_en.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45792 – Directory Traversal in Project File Format allows overwrite (Zip Slip)
https://notcve.org/view.php?id=CVE-2022-45792
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. Los archivos de proyecto pueden contener contenidos maliciosos que el software utilizará para crear archivos en el sistema de archivos. Esto permite directory traversal y sobrescribir archivos con los privilegios del usuario que ha iniciado sesión. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 92EXPL: 0CVE-2022-45790 – Omron FINS memory protection susceptible to bruteforce
https://notcve.org/view.php?id=CVE-2022-45790
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. El protocolo Omron FINS tiene una función autenticada para evitar el acceso a regiones de memoria. La autenticación es susceptible a ataques de fuerza bruta, lo que puede permitir que un adversario obtenga acceso a la memoria protegida. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05 https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.6EPSS: 0%CPEs: 82EXPL: 0CVE-2022-45794 – Omron CJ-series and CS-series unauthenticated filesystem access.
https://notcve.org/view.php?id=CVE-2022-45794
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. Un atacante con acceso a la red del PLC afectado (PLC de las series CJ y CS, todas las versiones) puede utilizar un protocolo de red para leer y escribir archivos desde la memoria interna y la tarjeta de memoria del PLC. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45793 – Executable files writable by low-privileged users in Omron Sysmac Studio
https://notcve.org/view.php?id=CVE-2022-45793
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. [PROBLEMTYPE] en [VENDOR] [PRODUCT] [VERSION] en [PLATFORMS] permite al [ATTACKER] hacer [IMPACT]. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04 https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf • CWE-276: Incorrect Default Permissions •