var-202206-2044
Vulnerability from variot
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several Omron Corporation products, including firmware, contain a vulnerability related to the transmission of sensitive information in plain text.Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sysmac cp1h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2m",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "2.1"
},
{
"model": "sysmac cp1e",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.30"
},
{
"model": "sysmac cj2h",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.5"
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac cp1l",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "1.10"
},
{
"model": "sysmac cs1",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "4.1"
},
{
"model": "cx-programmer",
"scope": "lt",
"trust": 1.0,
"vendor": "omron",
"version": "9.6"
},
{
"model": "sysmac cp1h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs1",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2m",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cx-programmer",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1e",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj2h",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cp1w-cif41",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp1l",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
],
"trust": 0.6
},
"cve": "CVE-2022-31204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31204",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31204",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31204",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31204",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2692",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several Omron Corporation products, including firmware, contain a vulnerability related to the transmission of sensitive information in plain text.Information may be obtained. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31204",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062924",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422891",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31204",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"id": "VAR-202206-2044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
}
],
"trust": 0.55
},
"last_update_date": "2024-08-14T12:15:45.578000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203712"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 2.5,
"url": "https://www.forescout.com/blog/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31204"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3140"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062924"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31204/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422891"
},
{
"db": "VULMON",
"id": "CVE-2022-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-422891"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"date": "2022-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"date": "2022-07-26T22:15:11.317000",
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-422891"
},
{
"date": "2023-09-13T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-013964"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2692"
},
{
"date": "2022-08-04T14:59:59.737000",
"db": "NVD",
"id": "CVE-2022-31204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to sending sensitive information in plain text in multiple OMRON Corporation products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013964"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2692"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…