Vulnerability Description
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omron | Sysmac Cs1 Firmware | < 4.1 |
| Omron | Sysmac Cs1 | - |
| Omron | Sysmac Cj2M Firmware | < 2.1 |
| Omron | Sysmac Cj2M | - |
| Omron | Sysmac Cj2H Firmware | < 1.5 |
| Omron | Sysmac Cj2H | - |
| Omron | Sysmac Cp1E Firmware | < 1.30 |
| Omron | Sysmac Cp1E | - |
| Omron | Sysmac Cp1H Firmware | < 1.30 |
| Omron | Sysmac Cp1H | - |
| Omron | Sysmac Cp1L Firmware | < 1.10 |
| Omron | Sysmac Cp1L | - |
| Omron | Cp1W-Cif41 Firmware | - |
| Omron | Cp1W-Cif41 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02Third Party AdvisoryUS Government Resource
- https://www.forescout.com/blog/Third Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02Third Party AdvisoryUS Government Resource
- https://www.forescout.com/blog/Third Party Advisory
FAQ
What is CVE-2022-31205?
CVE-2022-31205 is a vulnerability with a CVSS score of 7.5 (HIGH). In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol wit...
How severe is CVE-2022-31205?
CVE-2022-31205 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31205?
Check the references section above for vendor advisories and patch information. Affected products include: Omron Sysmac Cs1 Firmware, Omron Sysmac Cs1, Omron Sysmac Cj2M Firmware, Omron Sysmac Cj2M, Omron Sysmac Cj2H Firmware.