Skip to main content

Sysmac Cp1H Firmware

3 CVEs product

Monthly

CVE-2022-31207 CRITICAL Act Now

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-31205 HIGH This Week

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware Sysmac Cp1E Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31204 HIGH This Week

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware Sysmac Cp1E Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Sysmac Cs1 Firmware +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware +6
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy