CVE-2022-31205

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02	Third Party Advisory US Government Resource
https://www.forescout.com/blog/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-522~~	CWE-312

Information

Published : 2022-07-26 22:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-31205

Mitre link : CVE-2022-31205

CVE.ORG link : CVE-2022-31205

JSON object : View

Products Affected

omron

sysmac_cj2h
sysmac_cp1l
sysmac_cp1l_firmware
sysmac_cs1
sysmac_cp1h_firmware
sysmac_cp1h
sysmac_cj2h_firmware
cp1w-cif41_firmware
sysmac_cp1e
sysmac_cp1e_firmware
sysmac_cs1_firmware
sysmac_cj2m_firmware
sysmac_cj2m
cp1w-cif41

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2022-31205", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-26T22:15:11.357", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.forescout.com/blog/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication."}, {"lang": "es", "value": "En los PLC de las series CS, CJ y CP de Omron versiones hasta 18-05-2022, la contrase\u00f1a de acceso a la Interfaz de Usuario Web es almacenada en el \u00e1rea de memoria D1449...D1452 y puede leerse mediante el protocolo FINS de Omron sin necesidad de ninguna otra autenticaci\u00f3n."}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC0EDECA-0697-4BF1-AC39-7DAEAFA79FE5", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:sysmac_cs1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F4E42A1-A6A5-4590-A369-C3E11C55979B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC2E363E-0118-4CA4-BD97-6C4FE939BA3E", "versionEndExcluding": "2.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:sysmac_cj2m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EC6E3CB-486B-4C41-87D7-BF16D9B9FA74"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "464F762D-50B7-4BC7-87B8-C6E0CDBB05DA", "versionEndExcluding": "1.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:sysmac_cj2h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "179BC3C6-8530-4680-8DAA-B8734C3F088A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C2FE1EA-5A52-4245-8F66-60A88F3C5E5C", "versionEndExcluding": "1.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:sysmac_cp1e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A3E5CC5-3B48-4CD0-8CE0-F12AA0A8A1CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9846BE46-9506-4434-BAA6-13A8AF687EC5", "versionEndExcluding": "1.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:sysmac_cp1h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1334C61E-D200-427B-833E-5FB538930F80"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AAB91A7-28FD-4462-AD62-40A010D3FD33", "versionEndExcluding": "1.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:sysmac_cp1l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E74FC37C-0054-49E8-92CB-7BCF903D12C6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99A34BA8-7D88-4D08-A8F0-99570A397299"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:cp1w-cif41:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "83911864-386F-40A2-BB2D-7E3443E3EDB8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}