CVE-2023-38744

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:omron:cj2m-cpu35:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu35_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:omron:cj2m-cpu34:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu34_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:omron:cj2m-cpu33:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu33_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:omron:cj2m-cpu32:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu32_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:omron:cj2m-cpu31:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu31_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:omron:cj2h-cpu68-eip:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu68-eip_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:omron:cj2h-cpu67-eip:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu67-eip_firmware:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:omron:cj2h-cpu66-eip:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu66-eip_firmware:*:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:omron:cj2h-cpu65-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu65-eip:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:omron:cj2h-cpu64-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu64-eip:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:omron:cs1w-eip21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cs1w-eip21:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:omron:cj1w-eip21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj1w-eip21:-:*:*:*:*:*:*:*

History

17 Oct 2024, 16:35

Type Values Removed Values Added
CWE CWE-1284

11 Aug 2023, 21:01

Type Values Removed Values Added
References (MISC) https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf - (MISC) https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU92193064/ - (MISC) https://jvn.jp/en/vu/JVNVU92193064/ - Third Party Advisory
CPE cpe:2.3:o:omron:cj2m-cpu32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu33_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cs1w-eip21:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu34_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu68-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu65-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu67-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu64-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu33:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu68-eip:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu67-eip:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu31:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2m-cpu31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj1w-eip21:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu66-eip:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu35:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu65-eip:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj1w-eip21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu32:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cj2h-cpu66-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu64-eip:-:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu34:-:*:*:*:*:*:*:*
cpe:2.3:o:omron:cs1w-eip21_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Omron cj1w-eip21
Omron cj2h-cpu67-eip
Omron cj2m-cpu31
Omron cj2m-cpu35 Firmware
Omron cj2h-cpu67-eip Firmware
Omron cj2h-cpu64-eip Firmware
Omron cj2m-cpu35
Omron cj2h-cpu64-eip
Omron
Omron cj2m-cpu31 Firmware
Omron cj2h-cpu66-eip
Omron cj1w-eip21 Firmware
Omron cs1w-eip21
Omron cj2m-cpu32
Omron cj2m-cpu33
Omron cj2h-cpu65-eip
Omron cj2h-cpu68-eip Firmware
Omron cj2m-cpu33 Firmware
Omron cj2h-cpu65-eip Firmware
Omron cj2m-cpu34
Omron cj2h-cpu66-eip Firmware
Omron cj2m-cpu32 Firmware
Omron cj2m-cpu34 Firmware
Omron cs1w-eip21 Firmware
Omron cj2h-cpu68-eip
CWE NVD-CWE-Other

03 Aug 2023, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-03 05:15

Updated : 2024-10-17 16:35


NVD link : CVE-2023-38744

Mitre link : CVE-2023-38744

CVE.ORG link : CVE-2023-38744


JSON object : View

Products Affected

omron

  • cj1w-eip21_firmware
  • cj2m-cpu31
  • cj2h-cpu64-eip
  • cs1w-eip21
  • cj1w-eip21
  • cj2m-cpu34
  • cj2h-cpu64-eip_firmware
  • cs1w-eip21_firmware
  • cj2m-cpu35
  • cj2h-cpu67-eip
  • cj2m-cpu31_firmware
  • cj2m-cpu33_firmware
  • cj2h-cpu66-eip_firmware
  • cj2m-cpu34_firmware
  • cj2h-cpu68-eip
  • cj2m-cpu32
  • cj2m-cpu32_firmware
  • cj2h-cpu65-eip
  • cj2h-cpu68-eip_firmware
  • cj2h-cpu65-eip_firmware
  • cj2m-cpu35_firmware
  • cj2m-cpu33
  • cj2h-cpu67-eip_firmware
  • cj2h-cpu66-eip
CWE
NVD-CWE-Other CWE-1284

Improper Validation of Specified Quantity in Input