CVE-2022-45790

Summary

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

Affected Software

VendorProductVersion RangeStatus
OmronCJ-series and CS-series CPU modulesCJ2H 0.0 < 1.5affected
OmronCJ-series and CS-series CPU modulesCJ2M 0.0 < 2.1affected
OmronCJ-series and CS-series CPU modulesCJ1G 0.0 < 4.1affected
OmronCJ-series and CS-series CPU modulesCS1H 0.0 < 4.1affected
OmronCJ-series and CS-series CPU modulesCS1G 0.0 < 4.1affected
OmronCJ-series and CS-series CPU modulesCS1D-H 0.0 < 1.4affected
OmronCJ-series and CS-series CPU modulesCP1E-E 0.0 < 1.3affected
OmronCJ-series and CS-series CPU modulesCP1E-N 0.0 < 1.3affected
OmronCJ-series and CS-series CPU modulesCS1D-P 0.0 < 1.4affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References