CVE-2023-22357
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.
Existe un código de depuración activo en OMRON CP1L-EL20DR-D en todas las versiones, lo que puede provocar que un comando que no está especificado en el protocolo FINS se ejecute sin autenticación. Un atacante remoto no autenticado puede leer/escribir en un área arbitraria de la memoria del dispositivo, lo que puede provocar la sobrescritura del firmware, lo que provoca una condición de denegación de servicio (DoS) y/o la ejecución de código arbitrario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-12-27 CVE Reserved
- 2023-01-17 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/vu/JVNVU97575890/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Omron Search vendor "Omron" | Cp1l-el20dr-d Firmware Search vendor "Omron" for product "Cp1l-el20dr-d Firmware" | * | - |
Affected
| in | Omron Search vendor "Omron" | Cp1l-el20dr-d Search vendor "Omron" for product "Cp1l-el20dr-d" | - | - |
Safe
|