CVE-2022-45790

HIGH

Omron CJ1G and CJ2H Firmware < 4.1 and CP1E Firmware < 1.3 - Authenticated Brute Force Attack via FINS Protocol

Title source: llm

Description

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

Third Party Advisory

https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/

Vendor Advisory

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf

Scores

CVSS v3 8.6

EPSS 0.0070

EPSS Percentile 48.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (46)

omron/cj1g-cpu42p_firmware < 4.1

omron/cj1g-cpu43p_firmware < 4.1

omron/cj1g-cpu44p_firmware < 4.1

omron/cj1g-cpu45p-gtc_firmware < 4.1

omron/cj1g-cpu45p_firmware < 4.1

omron/cj2h-cpu64-eip_firmware < 1.5

omron/cj2h-cpu64_firmware < 1.5

omron/cj2h-cpu65-eip_firmware < 1.5

omron/cj2h-cpu65_firmware < 1.5

omron/cj2h-cpu66-eip_firmware < 1.5

... and 36 more

Published Jan 22, 2024

Tracked Since Feb 18, 2026