CVE-2022-31204
First published: Tue Jul 26 2022(Updated: )
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron SYSMAC CS1 | <4.1 | 4.1 |
| Omron SYSMAC CJ2M | <2.1 | 2.1 |
| Omron SYSMAC CJ2H | <1.5 | 1.5 |
| Omron SYSMAC CP1E/CP1H | <1.30 | 1.30 |
| Omron SYSMAC CP1L | <1.10 | 1.10 |
| Omron CP1W-CIF41 | ||
| Omron SYSMAC CX-Programmer | <9.6 | 9.6 |
| Omron SYSMAC NJ/NX Series: Versions prior to 1.49 (1.29 for NX7) | ||
| Omron Sysmac Cs1 Firmware | <4.1 | |
| Omron SYSMAC CS1 | ||
| Omron Sysmac Cj2m Firmware | <2.1 | |
| Omron SYSMAC CJ2M | ||
| Omron Sysmac Cj2h Firmware | <1.5 | |
| Omron SYSMAC CJ2H | ||
| Omron Sysmac Cp1e Firmware | <1.30 | |
| Omron Sysmac Cp1e | ||
| Omron Sysmac Cp1h Firmware | <1.30 | |
| Omron Sysmac Cp1h | ||
| Omron Sysmac Cp1l Firmware | <1.10 | |
| Omron SYSMAC CP1L | ||
| Omron Cp1w-cif41 Firmware | ||
| Omron CP1W-CIF41 | ||
| Omron CX-Programmer | <9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-31204?
CVE-2022-31204 refers to a vulnerability where Omron CS series, CJ series, and CP series PLCs use cleartext passwords, which can be exploited to gain unauthorized access.
How severe is CVE-2022-31204?
CVE-2022-31204 has a severity rating of 7.5 out of 10, indicating a high severity.
Which Omron PLCs are affected by CVE-2022-31204?
Omron CS series, CJ series, and CP series PLCs are affected by CVE-2022-31204.
What is the UM Protection setting in the affected Omron PLCs?
The UM Protection setting in the affected Omron PLCs allows users or system integrators to configure a password to restrict sensitive engineering operations.
How can CVE-2022-31204 be fixed?
To fix CVE-2022-31204, it is recommended to update the firmware of the affected Omron PLCs to a version that addresses the cleartext password vulnerability.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/omron
- canonical/omron sysmac cs1
- canonical/omron sysmac cj2m
- canonical/omron sysmac cj2h
- canonical/omron sysmac cp1e/cp1h
- canonical/omron sysmac cp1l
- canonical/omron cp1w-cif41
- canonical/omron sysmac cx-programmer
- canonical/omron sysmac nj/nx series: versions prior to 1.49 (1.29 for nx7)
- canonical/omron sysmac cs1 firmware
- canonical/omron sysmac cj2m firmware
- canonical/omron sysmac cj2h firmware
- canonical/omron sysmac cp1e firmware
- canonical/omron sysmac cp1e
- canonical/omron sysmac cp1h firmware
- canonical/omron sysmac cp1h
- canonical/omron sysmac cp1l firmware
- canonical/omron cp1w-cif41 firmware
- canonical/omron cx-programmer