CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2979 – Omron CX-Programmer
https://notcve.org/view.php?id=CVE-2022-2979
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. Una apertura de un archivo especialmente diseñado podría causar que el producto afectado no libere su referencia de memoria, resultando potencialmente en una ejecución de código arbitrario • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-31207
https://notcve.org/view.php?id=CVE-2022-31207
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.forescout.com/blog • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 50EXPL: 0CVE-2022-31206
https://notcve.org/view.php?id=CVE-2022-31206
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.forescout.com/blog • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-31205
https://notcve.org/view.php?id=CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. En los PLC de las series CS, CJ y CP de Omron versiones hasta 18-05-2022, la contraseña de acceso a la Interfaz de Usuario Web es almacenada en el área de memoria D1449...D1452 y puede leerse mediante el protocolo FINS de Omron sin necesidad de ninguna otra autenticación. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.forescout.com/blog • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-31204
https://notcve.org/view.php?id=CVE-2022-31204
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. Los PLC de las series CS, CJ y CP de Omron versiones hasta 18-05-2022, usan contraseñas en texto sin cifrar. Disponen de un ajuste de protección de UM que permite a usuarios o a integradores de sistemas configurar una contraseña para restringir las operaciones de ingeniería confidenciales (como las cargas y descargas de proyectos/lógicas). • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.forescout.com/blog • CWE-319: Cleartext Transmission of Sensitive Information •