Vulnerability Description
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omron | Sysmac Cj2H-Cpu64 Firmware | - |
| Omron | Sysmac Cj2H-Cpu64 | - |
| Omron | Sysmac Cj2H-Cpu64-Eip Firmware | - |
| Omron | Sysmac Cj2H-Cpu64-Eip | - |
| Omron | Sysmac Cj2H-Cpu65 Firmware | - |
| Omron | Sysmac Cj2H-Cpu65 | - |
| Omron | Sysmac Cj2H-Cpu65-Eip Firmware | - |
| Omron | Sysmac Cj2H-Cpu65-Eip | - |
| Omron | Sysmac Cj2H-Cpu66 Firmware | - |
| Omron | Sysmac Cj2H-Cpu66 | - |
| Omron | Sysmac Cj2H-Cpu66-Eip Firmware | - |
| Omron | Sysmac Cj2H-Cpu66-Eip | - |
| Omron | Sysmac Cj2H-Cpu67 Firmware | - |
| Omron | Sysmac Cj2H-Cpu67 | - |
| Omron | Sysmac Cj2H-Cpu67-Eip Firmware | - |
| Omron | Sysmac Cj2H-Cpu67-Eip | - |
| Omron | Sysmac Cj2H-Cpu68 Firmware | - |
| Omron | Sysmac Cj2H-Cpu68 | - |
| Omron | Sysmac Cj2H-Cpu68-Eip Firmware | - |
| Omron | Sysmac Cj2H-Cpu68-Eip | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01 (Third Party Advisory, US Government Resource)
- https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf (Mitigation, Vendor Advisory)
FAQ
What is CVE-2023-0811?
CVE-2023-0811 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they...
How severe is CVE-2023-0811?
CVE-2023-0811 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-0811?
Check the references section above for vendor advisories and patch information. Affected products include: Omron Sysmac Cj2H-Cpu64 Firmware, Omron Sysmac Cj2H-Cpu64, Omron Sysmac Cj2H-Cpu64-Eip Firmware, Omron Sysmac Cj2H-Cpu64-Eip, Omron Sysmac Cj2H-Cpu65 Firmware.