ГлавнаяУязвимости → CVE-2022-45790
8.6высокая

CVE-2022-45790

Описание

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

Затрагиваемое ПО
Omron Cj1g-cpu45p firmwareOmron Cj1g-cpu45pOmron Cj1g-cpu45p-gtc firmwareOmron Cj1g-cpu45p-gtcOmron Cj1g-cpu44p firmwareOmron Cj1g-cpu44pOmron Cj1g-cpu43p firmwareOmron Cj1g-cpu43pOmron Cj1g-cpu42p firmwareOmron Cj1g-cpu42pOmron Cp1e-e firmwareOmron Cp1e-eOmron Cp1e-n firmwareOmron Cp1e-nOmron Cj2h-cpu68 firmwareOmron Cj2h-cpu68Omron Cj2h-cpu67 firmwareOmron Cj2h-cpu67Omron Cj2h-cpu66 firmwareOmron Cj2h-cpu66Omron Cj2h-cpu65 firmwareOmron Cj2h-cpu65Omron Cj2h-cpu64 firmwareOmron Cj2h-cpu64Omron Cj2h-cpu68-eip firmware
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Источники
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdfhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf