cbcvebase.
CVE-2022-31205
published 2022-07-26

CVE-2022-31205: In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be…

PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.51%
39.6th percentile
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

Affected

6 ranges
VendorProductVersion rangeFixed in
omronsysmac_cj2h_firmware< 1.51.5
omronsysmac_cj2m_firmware< 2.12.1
omronsysmac_cp1e_firmware< 1.301.30
omronsysmac_cp1h_firmware< 1.301.30
omronsysmac_cp1l_firmware< 1.101.10
omronsysmac_cs1_firmware< 4.14.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.