CVE-2022-31205

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
omronsysmac_cs1_firmware
𝑥
< 4.1
omronsysmac_cj2m_firmware
𝑥
< 2.1
omronsysmac_cj2h_firmware
𝑥
< 1.5
omronsysmac_cp1e_firmware
𝑥
< 1.30
omronsysmac_cp1h_firmware
𝑥
< 1.30
omronsysmac_cp1l_firmware
𝑥
< 1.10
omroncp1w-cif41_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02
https://www.forescout.com/blog/
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02
https://www.forescout.com/blog/