CVSS: 7.8 | EPSS: 0% | CPEs: 14 | EXPL: 0

26 Jul 2022 — In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 10.0 | EPSS: 0% | CPEs: 50 | EXPL: 0

26 Jul 2022 — The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYSMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically aut... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 7.8 | EPSS: 0% | CPEs: 15 | EXPL: 0

26 Jul 2022 — Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 8.1 | EPSS: 1% | CPEs: 113 | EXPL: 0

04 Jul 2022 — Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user crede... • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-798: Use of Hard-coded Credentials

CVSS: 7.5 | EPSS: 0% | CPEs: 104 | EXPL: 0

04 Jul 2022 — Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-294: Authentication Bypass by Capture-replay

CVSS: 8.1 | EPSS: 0% | CPEs: 113 | EXPL: 0

04 Jul 2022 — Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communicat... • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-294: Authentication Bypass by Capture-replay

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Apr 2022 — Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. This vulnerability allows r... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 • CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Apr 2022 — Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. Us... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 • CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Apr 2022 — Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected insta... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 • CWE-416: Use After Free

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Apr 2022 — Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interac... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-787: Out-of-bounds Write