Skip to main content

Cp1W Cif41 Firmware

4 CVEs product

Monthly

CVE-2023-27396 CRITICAL Act Now

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs1W Eip21 Firmware Cs1W Spu01 V2 Firmware Cs1W Spu02 V2 Firmware Cs1W Etn21 Firmware +267
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-31207 CRITICAL Act Now

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-31205 HIGH This Week

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware Sysmac Cp1E Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31204 HIGH This Week

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware Sysmac Cp1E Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL Act Now

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs1W Eip21 Firmware Cs1W Spu01 V2 Firmware +269
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Sysmac Cs1 Firmware +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware +6
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy