CVE-2022-45790 — HIGH (8.6)

Q: How severe is CVE-2022-45790?

CVE-2022-45790 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-45790?

Check the references section above for vendor advisories and patch information. Affected products include: Omron Cj1G-Cpu45P Firmware, Omron Cj1G-Cpu45P, Omron Cj1G-Cpu45P-Gtc Firmware, Omron Cj1G-Cpu45P-Gtc, Omron Cj1G-Cpu44P Firmware.

Vulnerability Description

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Omron	Cj1G-Cpu45P Firmware	< 4.1
Omron	Cj1G-Cpu45P	-
Omron	Cj1G-Cpu45P-Gtc Firmware	< 4.1
Omron	Cj1G-Cpu45P-Gtc	-
Omron	Cj1G-Cpu44P Firmware	< 4.1
Omron	Cj1G-Cpu44P	-
Omron	Cj1G-Cpu43P Firmware	< 4.1
Omron	Cj1G-Cpu43P	-
Omron	Cj1G-Cpu42P Firmware	< 4.1
Omron	Cj1G-Cpu42P	-
Omron	Cp1E-E Firmware	< 1.3
Omron	Cp1E-E	-
Omron	Cp1E-N Firmware	< 1.3
Omron	Cp1E-N	-
Omron	Cj2H-Cpu68 Firmware	< 1.5
Omron	Cj2H-Cpu68	-
Omron	Cj2H-Cpu67 Firmware	< 1.5
Omron	Cj2H-Cpu67	-
Omron	Cj2H-Cpu66 Firmware	< 1.5
Omron	Cj2H-Cpu66	-

Related Weaknesses (CWE)

CWE-307

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05Third Party AdvisoryUS Government Resource
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-fThird Party Advisory
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdfVendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05Third Party AdvisoryUS Government Resource
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-fThird Party Advisory
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdfVendor Advisory

FAQ

What is CVE-2022-45790?

CVE-2022-45790 is a vulnerability with a CVSS score of 8.6 (HIGH). The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected m...

How severe is CVE-2022-45790?

CVE-2022-45790 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-45790?

Check the references section above for vendor advisories and patch information. Affected products include: Omron Cj1G-Cpu45P Firmware, Omron Cj1G-Cpu45P, Omron Cj1G-Cpu45P-Gtc Firmware, Omron Cj1G-Cpu45P-Gtc, Omron Cj1G-Cpu44P Firmware.