Product:

Sysmac_cp1e_firmware

(Omron)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date Id Summary Products Score Patch Annotated
2022-07-26 CVE-2022-31205 In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. Cp1w\-Cif41_firmware, Sysmac_cj2h_firmware, Sysmac_cj2m_firmware, Sysmac_cp1e_firmware, Sysmac_cp1h_firmware, Sysmac_cp1l_firmware, Sysmac_cs1_firmware 7.5
2022-07-26 CVE-2022-31204 Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. Cp1w\-Cif41_firmware, Cx\-Programmer, Sysmac_cj2h_firmware, Sysmac_cj2m_firmware, Sysmac_cp1e_firmware, Sysmac_cp1h_firmware, Sysmac_cp1l_firmware, Sysmac_cs1_firmware 7.5
2022-07-26 CVE-2022-31207 The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other... Cp1w\-Cif41_firmware, Sysmac_cj2h_firmware, Sysmac_cj2m_firmware, Sysmac_cp1e_firmware, Sysmac_cp1h_firmware, Sysmac_cp1l_firmware, Sysmac_cs1_firmware 9.8