90 results (0.010 seconds)

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function. • https://jvn.jp/en/vu/JVNVU95685374 https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf • CWE-863: Incorrect Authorization •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. • https://jvn.jp/en/vu/JVNVU92504444 https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-004_en.pdf •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. Los archivos de proyecto pueden contener contenidos maliciosos que el software utilizará para crear archivos en el sistema de archivos. Esto permite directory traversal y sobrescribir archivos con los privilegios del usuario que ha iniciado sesión. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.1EPSS: 0%CPEs: 92EXPL: 0

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. El protocolo Omron FINS tiene una función autenticada para evitar el acceso a regiones de memoria. La autenticación es susceptible a ataques de fuerza bruta, lo que puede permitir que un adversario obtenga acceso a la memoria protegida. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05 https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 8.6EPSS: 0%CPEs: 82EXPL: 0

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. Un atacante con acceso a la red del PLC afectado (PLC de las series CJ y CS, todas las versiones) puede utilizar un protocolo de red para leer y escribir archivos desde la memoria interna y la tarjeta de memoria del PLC. • https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf • CWE-306: Missing Authentication for Critical Function •