CVE-2022-45794 – Omron CJ-series and CS-series unauthenticated filesystem access.
https://notcve.org/view.php?id=CVE-2022-45794
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.
• https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access
• https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf
• CWE-306: Missing Authentication for Critical Function
CVE-2023-0811
https://notcve.org/view.php?id=CVE-2023-0811
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01
• https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf
• CWE-284: Improper Access Control