CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
35.2%
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
Vendor | Product | Version | CPE |
---|---|---|---|
omron | sysmac_cj2h-cpu64_firmware | - | cpe:2.3:o:omron:sysmac_cj2h-cpu64_firmware:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu64 | - | cpe:2.3:h:omron:sysmac_cj2h-cpu64:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu64-eip_firmware | - | cpe:2.3:o:omron:sysmac_cj2h-cpu64-eip_firmware:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu64-eip | - | cpe:2.3:h:omron:sysmac_cj2h-cpu64-eip:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu65_firmware | - | cpe:2.3:o:omron:sysmac_cj2h-cpu65_firmware:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu65 | - | cpe:2.3:h:omron:sysmac_cj2h-cpu65:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu65-eip_firmware | - | cpe:2.3:o:omron:sysmac_cj2h-cpu65-eip_firmware:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu65-eip | - | cpe:2.3:h:omron:sysmac_cj2h-cpu65-eip:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu66_firmware | - | cpe:2.3:o:omron:sysmac_cj2h-cpu66_firmware:-:*:*:*:*:*:*:* |
omron | sysmac_cj2h-cpu66 | - | cpe:2.3:h:omron:sysmac_cj2h-cpu66:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
35.2%