Details of VAR-202308-0463

ID

VAR-202308-0463

CVE

CVE-2023-38744

TITLE

Made by Omron CJ Series and CS/CJ Of the series EtherNet/IP Denial of service in units (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-002787

DESCRIPTION

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. This vulnerability information is provided by the developer for the purpose of dissemination to product users. (DoS) may become a state

Trust: 1.71

sources: NVD: CVE-2023-38744 // JVNDB: JVNDB-2023-002787 // VULMON: CVE-2023-38744

AFFECTED PRODUCTS

vendor:	omron	model:	cj2m-cpu31	scope:	lte	version:	2.18	Trust: 1.0
vendor:	omron	model:	cj2m-cpu34	scope:	lte	version:	2.18	Trust: 1.0
vendor:	omron	model:	cj2m-cpu32	scope:	lte	version:	2.18	Trust: 1.0
vendor:	omron	model:	cs1w-eip21	scope:	lte	version:	3.04	Trust: 1.0
vendor:	omron	model:	cj2h-cpu68-eip	scope:	lte	version:	3.04	Trust: 1.0
vendor:	omron	model:	cj2h-cpu66-eip	scope:	lte	version:	3.04	Trust: 1.0
vendor:	omron	model:	cj2h-cpu67-eip	scope:	lte	version:	3.04	Trust: 1.0
vendor:	omron	model:	cj2h-cpu65-eip	scope:	lte	version:	3.04	Trust: 1.0
vendor:	omron	model:	cj2h-cpu64-eip	scope:	lte	version:	3.04	Trust: 1.0
vendor:	omron	model:	cj2m-cpu35	scope:	lte	version:	2.18	Trust: 1.0
vendor:	omron	model:	cj1w-eip21	scope:	lte	version:	3.04	Trust: 1.0
vendor:	omron	model:	cj2m-cpu33	scope:	lte	version:	2.18	Trust: 1.0
vendor:	オムロン株式会社	model:	cj2m-cpu3□	scope:	-	version:	-	Trust: 0.8
vendor:	オムロン株式会社	model:	cs1w-eip21	scope:	-	version:	-	Trust: 0.8
vendor:	オムロン株式会社	model:	cj2h-cpu6□-eip	scope:	-	version:	-	Trust: 0.8
vendor:	オムロン株式会社	model:	cj1w-eip21	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002787 // NVD: CVE-2023-38744

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-38744
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-002787
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-38744
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-002787
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002787 // NVD: CVE-2023-38744

PROBLEMTYPE DATA

problemtype:	CWE-1284	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Improper validation for input of specified type (CWE-1287) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002787 // NVD: CVE-2023-38744

PATCH

title:

CJ series CJ2 CPU built in unit EtherNet/IP port, and CS/CJ series EtherNet/IP unit out of service (DoS) State Vulnerability

url:

https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-006_ja.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2023-002787

EXTERNAL IDS

db:	JVN	id:	JVNVU92193064	Trust: 1.9
db:	NVD	id:	CVE-2023-38744	Trust: 1.9
db:	JVNDB	id:	JVNDB-2023-002787	Trust: 0.8
db:	VULMON	id:	CVE-2023-38744	Trust: 0.1

sources: VULMON: CVE-2023-38744 // JVNDB: JVNDB-2023-002787 // NVD: CVE-2023-38744

REFERENCES

url:	https://www.ia.omron.com/product/vulnerability/omsr-2023-006_en.pdf	Trust: 1.1
url:	https://jvn.jp/en/vu/jvnvu92193064/	Trust: 1.1
url:	http://jvn.jp/vu/jvnvu92193064/index.html	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-38744 // JVNDB: JVNDB-2023-002787 // NVD: CVE-2023-38744

SOURCES

db:	VULMON	id:	CVE-2023-38744
db:	JVNDB	id:	JVNDB-2023-002787
db:	NVD	id:	CVE-2023-38744

LAST UPDATE DATE

2024-10-18T03:59:15.488000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-38744	date:	2023-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-002787	date:	2023-08-02T08:46:00
db:	NVD	id:	CVE-2023-38744	date:	2024-10-17T16:35:07.460

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-38744	date:	2023-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-002787	date:	2023-08-02T00:00:00
db:	NVD	id:	CVE-2023-38744	date:	2023-08-03T05:15:10.417