CVE-2022-31205
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
En los PLC de las series CS, CJ y CP de Omron versiones hasta 18-05-2022, la contraseña de acceso a la Interfaz de Usuario Web es almacenada en el área de memoria D1449...D1452 y puede leerse mediante el protocolo FINS de Omron sin necesidad de ninguna otra autenticación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-18 CVE Reserved
- 2022-07-26 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 | Third Party Advisory | |
| https://www.forescout.com/blog | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Omron Search vendor "Omron" | Sysmac Cs1 Firmware Search vendor "Omron" for product "Sysmac Cs1 Firmware" | < 4.1 Search vendor "Omron" for product "Sysmac Cs1 Firmware" and version " < 4.1" | - |
Affected
| in | Omron Search vendor "Omron" | Sysmac Cs1 Search vendor "Omron" for product "Sysmac Cs1" | - | - |
Safe
|
| Omron Search vendor "Omron" | Sysmac Cj2m Firmware Search vendor "Omron" for product "Sysmac Cj2m Firmware" | < 2.1 Search vendor "Omron" for product "Sysmac Cj2m Firmware" and version " < 2.1" | - |
Affected
| in | Omron Search vendor "Omron" | Sysmac Cj2m Search vendor "Omron" for product "Sysmac Cj2m" | - | - |
Safe
|
| Omron Search vendor "Omron" | Sysmac Cj2h Firmware Search vendor "Omron" for product "Sysmac Cj2h Firmware" | < 1.5 Search vendor "Omron" for product "Sysmac Cj2h Firmware" and version " < 1.5" | - |
Affected
| in | Omron Search vendor "Omron" | Sysmac Cj2h Search vendor "Omron" for product "Sysmac Cj2h" | - | - |
Safe
|
| Omron Search vendor "Omron" | Sysmac Cp1e Firmware Search vendor "Omron" for product "Sysmac Cp1e Firmware" | < 1.30 Search vendor "Omron" for product "Sysmac Cp1e Firmware" and version " < 1.30" | - |
Affected
| in | Omron Search vendor "Omron" | Sysmac Cp1e Search vendor "Omron" for product "Sysmac Cp1e" | - | - |
Safe
|
| Omron Search vendor "Omron" | Sysmac Cp1h Firmware Search vendor "Omron" for product "Sysmac Cp1h Firmware" | < 1.30 Search vendor "Omron" for product "Sysmac Cp1h Firmware" and version " < 1.30" | - |
Affected
| in | Omron Search vendor "Omron" | Sysmac Cp1h Search vendor "Omron" for product "Sysmac Cp1h" | - | - |
Safe
|
| Omron Search vendor "Omron" | Sysmac Cp1l Firmware Search vendor "Omron" for product "Sysmac Cp1l Firmware" | < 1.10 Search vendor "Omron" for product "Sysmac Cp1l Firmware" and version " < 1.10" | - |
Affected
| in | Omron Search vendor "Omron" | Sysmac Cp1l Search vendor "Omron" for product "Sysmac Cp1l" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cp1w-cif41 Firmware Search vendor "Omron" for product "Cp1w-cif41 Firmware" | - | - |
Affected
| in | Omron Search vendor "Omron" | Cp1w-cif41 Search vendor "Omron" for product "Cp1w-cif41" | - | - |
Safe
|