CVE-2022-45790 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Dragos	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Vendor	Product	Version
omron	cj1g-cpu45p_firmware	𝑥 < 4.1
omron	cj1g-cpu45p-gtc_firmware	𝑥 < 4.1
omron	cj1g-cpu44p_firmware	𝑥 < 4.1
omron	cj1g-cpu43p_firmware	𝑥 < 4.1
omron	cj1g-cpu42p_firmware	𝑥 < 4.1
omron	cp1e-e_firmware	𝑥 < 1.3
omron	cp1e-n_firmware	𝑥 < 1.3
omron	cj2h-cpu68_firmware	𝑥 < 1.5
omron	cj2h-cpu67_firmware	𝑥 < 1.5
omron	cj2h-cpu66_firmware	𝑥 < 1.5
omron	cj2h-cpu65_firmware	𝑥 < 1.5
omron	cj2h-cpu64_firmware	𝑥 < 1.5
omron	cj2h-cpu68-eip_firmware	𝑥 < 1.5
omron	cj2h-cpu67-eip_firmware	𝑥 < 1.5
omron	cj2h-cpu66-eip_firmware	𝑥 < 1.5
omron	cj2h-cpu65-eip_firmware	𝑥 < 1.5
omron	cj2h-cpu64-eip_firmware	𝑥 < 1.5
omron	cj2m-cpu35_firmware	𝑥 < 2.1
omron	cj2m-cpu34_firmware	𝑥 < 2.1
omron	cj2m-cpu33_firmware	𝑥 < 2.1
omron	cj2m-cpu32_firmware	𝑥 < 2.1
omron	cj2m-cpu31_firmware	𝑥 < 2.1
omron	cj2m-cpu15_firmware	𝑥 < 2.1
omron	cj2m-cpu14_firmware	𝑥 < 2.1
omron	cj2m-cpu13_firmware	𝑥 < 2.1
omron	cj2m-cpu12_firmware	𝑥 < 2.1
omron	cj2m-cpu11_firmware	𝑥 < 2.1
omron	cj2m-md211_firmware	𝑥 < 2.1
omron	cj2m-md212_firmware	𝑥 < 2.1
omron	cs1d-cpu67s_firmware	𝑥 < 2.1
omron	cs1d-cpu65s_firmware	𝑥 < 2.1
omron	cs1d-cpu44s_firmware	𝑥 < 2.1
omron	cs1d-cpu42s_firmware	𝑥 < 2.1
omron	cs1d-cpu65p_firmware	𝑥 < 1.4
omron	cs1d-cpu67p_firmware	𝑥 < 1.4
omron	cs1d-cpu67h_firmware	𝑥 < 1.4
omron	cs1d-cpu65h_firmware	𝑥 < 1.4
omron	cs1h-cpu67h_firmware	𝑥 < 4.1
omron	cs1h-cpu66h_firmware	𝑥 < 4.1
omron	cs1h-cpu65h_firmware	𝑥 < 4.1
omron	cs1h-cpu64h_firmware	𝑥 < 4.1
omron	cs1h-cpu63h_firmware	𝑥 < 4.1
omron	cs1g-cpu45h_firmware	𝑥 < 4.1
omron	cs1g-cpu44h_firmware	𝑥 < 4.1
omron	cs1g-cpu43h_firmware	𝑥 < 4.1
omron	cs1g-cpu42h_firmware	𝑥 < 4.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-307 - Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf