CVE-2023-38744
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-25 CVE Reserved
- 2023-08-03 CVE Published
- 2024-09-04 EPSS Updated
- 2024-10-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1284: Improper Validation of Specified Quantity in Input
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/vu/JVNVU92193064 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf | 2023-08-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Omron Search vendor "Omron" | Cj2m-cpu35 Firmware Search vendor "Omron" for product "Cj2m-cpu35 Firmware" | <= 2.18 Search vendor "Omron" for product "Cj2m-cpu35 Firmware" and version " <= 2.18" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2m-cpu35 Search vendor "Omron" for product "Cj2m-cpu35" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2m-cpu34 Firmware Search vendor "Omron" for product "Cj2m-cpu34 Firmware" | <= 2.18 Search vendor "Omron" for product "Cj2m-cpu34 Firmware" and version " <= 2.18" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2m-cpu34 Search vendor "Omron" for product "Cj2m-cpu34" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2m-cpu33 Firmware Search vendor "Omron" for product "Cj2m-cpu33 Firmware" | <= 2.18 Search vendor "Omron" for product "Cj2m-cpu33 Firmware" and version " <= 2.18" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2m-cpu33 Search vendor "Omron" for product "Cj2m-cpu33" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2m-cpu32 Firmware Search vendor "Omron" for product "Cj2m-cpu32 Firmware" | <= 2.18 Search vendor "Omron" for product "Cj2m-cpu32 Firmware" and version " <= 2.18" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2m-cpu32 Search vendor "Omron" for product "Cj2m-cpu32" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2m-cpu31 Firmware Search vendor "Omron" for product "Cj2m-cpu31 Firmware" | <= 2.18 Search vendor "Omron" for product "Cj2m-cpu31 Firmware" and version " <= 2.18" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2m-cpu31 Search vendor "Omron" for product "Cj2m-cpu31" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2h-cpu68-eip Firmware Search vendor "Omron" for product "Cj2h-cpu68-eip Firmware" | <= 3.04 Search vendor "Omron" for product "Cj2h-cpu68-eip Firmware" and version " <= 3.04" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2h-cpu68-eip Search vendor "Omron" for product "Cj2h-cpu68-eip" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2h-cpu67-eip Firmware Search vendor "Omron" for product "Cj2h-cpu67-eip Firmware" | <= 3.04 Search vendor "Omron" for product "Cj2h-cpu67-eip Firmware" and version " <= 3.04" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2h-cpu67-eip Search vendor "Omron" for product "Cj2h-cpu67-eip" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2h-cpu66-eip Firmware Search vendor "Omron" for product "Cj2h-cpu66-eip Firmware" | <= 3.04 Search vendor "Omron" for product "Cj2h-cpu66-eip Firmware" and version " <= 3.04" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2h-cpu66-eip Search vendor "Omron" for product "Cj2h-cpu66-eip" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2h-cpu65-eip Firmware Search vendor "Omron" for product "Cj2h-cpu65-eip Firmware" | <= 3.04 Search vendor "Omron" for product "Cj2h-cpu65-eip Firmware" and version " <= 3.04" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2h-cpu65-eip Search vendor "Omron" for product "Cj2h-cpu65-eip" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj2h-cpu64-eip Firmware Search vendor "Omron" for product "Cj2h-cpu64-eip Firmware" | <= 3.04 Search vendor "Omron" for product "Cj2h-cpu64-eip Firmware" and version " <= 3.04" | - |
Affected
| in | Omron Search vendor "Omron" | Cj2h-cpu64-eip Search vendor "Omron" for product "Cj2h-cpu64-eip" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cs1w-eip21 Firmware Search vendor "Omron" for product "Cs1w-eip21 Firmware" | <= 3.04 Search vendor "Omron" for product "Cs1w-eip21 Firmware" and version " <= 3.04" | - |
Affected
| in | Omron Search vendor "Omron" | Cs1w-eip21 Search vendor "Omron" for product "Cs1w-eip21" | - | - |
Safe
|
| Omron Search vendor "Omron" | Cj1w-eip21 Firmware Search vendor "Omron" for product "Cj1w-eip21 Firmware" | <= 3.04 Search vendor "Omron" for product "Cj1w-eip21 Firmware" and version " <= 3.04" | - |
Affected
| in | Omron Search vendor "Omron" | Cj1w-eip21 Search vendor "Omron" for product "Cj1w-eip21" | - | - |
Safe
|