3 matches found
CVE-2022-31207
The CVE-2022-31207 issue affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs (through 2022-05-18). The root cause is lack of cryptographic authentication for the FINS (9600/TCP) engineering protocol, allowing an attacker to manipulate downloaded object code that the PLC runs either in ASIC...
CVE-2022-31204
CVE-2022-31204 affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs prior to the listed mitigations. The root cause is cleartext transmission of the engineering password used for UM Protection (Program Area Protect/Program Area Protect Clear), enabling unauthorized access to restricted engi...
CVE-2022-31205
CVE-2022-31205 affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs (through 2022-05-18). The Web UI password is stored in memory (D1449...D1452) and can be read via the Omron FINS protocol without authentication, exposing the engineering password. Impact is user-level to potential configur...