CVE-2023-22357
First published: Tue Jan 17 2023(Updated: )
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Omron Cp1l-el20dr-d Firmware | ||
| OMRON CP1L-EL20DR-D |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-22357.
What products are affected by CVE-2023-22357 vulnerability?
OMRON CP1L-EL20DR-D all versions are affected by this vulnerability.
What is the severity of CVE-2023-22357?
CVE-2023-22357 has a severity rating of 9.8 (Critical).
How does CVE-2023-22357 impact the device?
CVE-2023-22357 allows remote unauthenticated attackers to read/write in arbitrary memory areas of the affected device, potentially overwriting the firmware.
Is there a fix available for CVE-2023-22357?
At the moment, there is no specific fix available for CVE-2023-22357. Contact the vendor for further information and recommendations.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- vendor/omron
- canonical/omron cp1l-el20dr-d firmware
- canonical/omron cp1l-el20dr-d