CVE-2022-31205
First published: Tue Jul 26 2022(Updated: )
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron SYSMAC CS1 | <4.1 | 4.1 |
| Omron SYSMAC CJ2M | <2.1 | 2.1 |
| Omron SYSMAC CJ2H | <1.5 | 1.5 |
| Omron SYSMAC CP1E/CP1H | <1.30 | 1.30 |
| Omron SYSMAC CP1L | <1.10 | 1.10 |
| Omron CP1W-CIF41 | ||
| Omron SYSMAC CX-Programmer | <9.6 | 9.6 |
| Omron SYSMAC NJ/NX Series: Versions prior to 1.49 (1.29 for NX7) | ||
| Omron Sysmac Cs1 Firmware | <4.1 | |
| Omron SYSMAC CS1 | ||
| Omron Sysmac Cj2m Firmware | <2.1 | |
| Omron SYSMAC CJ2M | ||
| Omron Sysmac Cj2h Firmware | <1.5 | |
| Omron SYSMAC CJ2H | ||
| Omron Sysmac Cp1e Firmware | <1.30 | |
| Omron Sysmac Cp1e | ||
| Omron Sysmac Cp1h Firmware | <1.30 | |
| Omron Sysmac Cp1h | ||
| Omron Sysmac Cp1l Firmware | <1.10 | |
| Omron SYSMAC CP1L | ||
| Omron Cp1w-cif41 Firmware | ||
| Omron CP1W-CIF41 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability identifier for this Omron PLC vulnerability?
The vulnerability identifier for this Omron PLC vulnerability is CVE-2022-31205.
What is the severity of CVE-2022-31205?
The severity of CVE-2022-31205 is high with a CVSS score of 7.5.
Which Omron PLC series are affected by CVE-2022-31205?
CVE-2022-31205 affects Omron CS series, CJ series, and CP series PLCs.
How can the password for the Web UI be accessed in Omron PLCs affected by CVE-2022-31205?
In Omron PLCs affected by CVE-2022-31205, the password for the Web UI can be read out using the Omron FINS protocol without any further authentication.
How can I mitigate the vulnerability CVE-2022-31205 in Omron PLCs?
To mitigate the vulnerability CVE-2022-31205 in Omron PLCs, it is recommended to apply the necessary patches or firmware updates provided by Omron.
- agent/author
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/omron
- canonical/omron sysmac cs1
- canonical/omron sysmac cj2m
- canonical/omron sysmac cj2h
- canonical/omron sysmac cp1e/cp1h
- canonical/omron sysmac cp1l
- canonical/omron cp1w-cif41
- canonical/omron sysmac cx-programmer
- canonical/omron sysmac nj/nx series: versions prior to 1.49 (1.29 for nx7)
- canonical/omron sysmac cs1 firmware
- canonical/omron sysmac cj2m firmware
- canonical/omron sysmac cj2h firmware
- canonical/omron sysmac cp1e firmware
- canonical/omron sysmac cp1e
- canonical/omron sysmac cp1h firmware
- canonical/omron sysmac cp1h
- canonical/omron sysmac cp1l firmware
- canonical/omron cp1w-cif41 firmware