Vulnerability Details CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.3%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-31205
-
cpe:2.3:h:omron:cp1w-cif41:-
-
cpe:2.3:h:omron:sysmac_cj2h:-
-
cpe:2.3:h:omron:sysmac_cj2m:-
-
cpe:2.3:h:omron:sysmac_cp1e:-
-
cpe:2.3:h:omron:sysmac_cp1h:-
-
cpe:2.3:h:omron:sysmac_cp1l:-
-
cpe:2.3:h:omron:sysmac_cs1:-
-
cpe:2.3:o:omron:cp1w-cif41_firmware:-
-
cpe:2.3:o:omron:sysmac_cj2h_firmware:-
-
cpe:2.3:o:omron:sysmac_cj2m_firmware:-
-
cpe:2.3:o:omron:sysmac_cp1e_firmware:-
-
cpe:2.3:o:omron:sysmac_cp1h_firmware:-
-
cpe:2.3:o:omron:sysmac_cp1l_firmware:-
-
cpe:2.3:o:omron:sysmac_cs1_firmware:-