CVSS: 9.1EPSS: 0%CPEs: 92EXPL: 0CVE-2022-45790 – Omron FINS memory protection susceptible to bruteforce
https://notcve.org/view.php?id=CVE-2022-45790
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. El protocolo Omron FINS tiene una función autenticada para evitar el acceso a regiones de memoria. La autenticación es susceptible a ataques de fuerza bruta, lo que puede permitir que un adversario obtenga acceso a la memoria protegida. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05 https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.6EPSS: 0%CPEs: 82EXPL: 0CVE-2022-45794 – Omron CJ-series and CS-series unauthenticated filesystem access.
https://notcve.org/view.php?id=CVE-2022-45794
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. Un atacante con acceso a la red del PLC afectado (PLC de las series CJ y CS, todas las versiones) puede utilizar un protocolo de red para leer y escribir archivos desde la memoria interna y la tarjeta de memoria del PLC. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf • CWE-306: Missing Authentication for Critical Function •