Sign-up

ID

VAR-202401-1097


CVE

CVE-2022-45790


TITLE

Vulnerability related to improper restriction of excessive authentication attempts in multiple OMRON Corporation products

Trust: 0.8

sources: JVNDB: JVNDB-2022-025065

DESCRIPTION

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. cj1g-cpu45p firmware, cj1g-cpu45p-gtc firmware, cj1g-cpu44p Multiple OMRON Corporation products, including firmware, contain a vulnerability related to improper restriction of excessive authentication attempts.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2022-45790 // JVNDB: JVNDB-2022-025065

AFFECTED PRODUCTS

vendor:omronmodel:cj2h-cpu68-eipscope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cj2h-cpu64scope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cs1h-cpu66hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj1g-cpu44pscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cs1d-cpu67sscope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj2m-cpu34scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cs1g-cpu44hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj2h-cpu68scope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cj2h-cpu67-eipscope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cj1g-cpu45p-gtcscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj2h-cpu64-eipscope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cj2h-cpu67scope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cj2m-cpu33scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cs1h-cpu67hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cs1d-cpu67pscope:ltversion:1.4

Trust: 1.0

vendor:omronmodel:cs1g-cpu43hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj2m-cpu13scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj2m-cpu12scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj2m-cpu15scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cs1d-cpu42sscope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cs1d-cpu44sscope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cs1d-cpu65hscope:ltversion:1.4

Trust: 1.0

vendor:omronmodel:cs1d-cpu65pscope:ltversion:1.4

Trust: 1.0

vendor:omronmodel:cj2h-cpu66-eipscope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cj2m-cpu31scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cp1e-escope:ltversion:1.3

Trust: 1.0

vendor:omronmodel:cs1h-cpu65hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cp1e-nscope:ltversion:1.3

Trust: 1.0

vendor:omronmodel:cj2m-cpu11scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj2h-cpu66scope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cs1d-cpu67hscope:ltversion:1.4

Trust: 1.0

vendor:omronmodel:cj2m-cpu32scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cs1d-cpu65sscope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj2h-cpu65scope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cs1h-cpu64hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cs1h-cpu63hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cs1g-cpu45hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj2m-md211scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj2m-cpu35scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cs1g-cpu42hscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj1g-cpu42pscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj2m-cpu14scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj1g-cpu45pscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj1g-cpu43pscope:ltversion:4.1

Trust: 1.0

vendor:omronmodel:cj2m-md212scope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:cj2h-cpu65-eipscope:ltversion:1.5

Trust: 1.0

vendor:オムロン株式会社model:cj2h-cpu64scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj1g-cpu44pscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj1g-cpu42pscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cp1e-escope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu67scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu66-eipscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj1g-cpu43pscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu65-eipscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2m-cpu34scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu66scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2m-cpu33scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2m-cpu35scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj1g-cpu45pscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj1g-cpu45p-gtcscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu68-eipscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu65scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu68scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cp1e-nscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu64-eipscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cj2h-cpu67-eipscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-025065 // NVD: CVE-2022-45790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45790
value: CRITICAL

Trust: 1.0

ot-cert@dragos.com: CVE-2022-45790
value: HIGH

Trust: 1.0

NVD: CVE-2022-45790
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2022-45790
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

ot-cert@dragos.com: CVE-2022-45790
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-45790
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-025065 // NVD: CVE-2022-45790 // NVD: CVE-2022-45790

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-025065 // NVD: CVE-2022-45790

EXTERNAL IDS

db:NVDid:CVE-2022-45790

Trust: 2.6

db:ICS CERTid:ICSA-23-262-05

Trust: 1.8

db:JVNid:JVNVU95526822

Trust: 0.8

db:JVNDBid:JVNDB-2022-025065

Trust: 0.8

sources: JVNDB: JVNDB-2022-025065 // NVD: CVE-2022-45790

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

Trust: 1.8

url:https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/

Trust: 1.8

url:https://www.fa.omron.co.jp/product/security/assets/pdf/en/omsr-2023-010_en.pdf

Trust: 1.8

url:https://jvn.jp/vu/jvnvu95526822/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-45790

Trust: 0.8

sources: JVNDB: JVNDB-2022-025065 // NVD: CVE-2022-45790

SOURCES

db:JVNDBid:JVNDB-2022-025065
db:NVDid:CVE-2022-45790

LAST UPDATE DATE

2024-08-14T13:19:30.059000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-025065date:2024-02-06T02:07:00
db:NVDid:CVE-2022-45790date:2024-01-29T16:37:48.967

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-025065date:2024-02-06T00:00:00
db:NVDid:CVE-2022-45790date:2024-01-22T18:15:19.497