CVE-2022-45790

high-risk

Published 2024-01-22

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

Do I need to act?

0.39% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.6/10 High

NETWORK / LOW complexity

Affected Products (20)

Cs1H-Cpu65H Firmware

Cs1H-Cpu64H Firmware

Cs1H-Cpu63H Firmware

Cs1G-Cpu45H Firmware

Cs1G-Cpu44H Firmware

Cs1G-Cpu43H Firmware

Cs1G-Cpu42H Firmware

Cj1G-Cpu45P Firmware

Cj1G-Cpu45P-Gtc Firmware

Cj1G-Cpu44P Firmware

Cj1G-Cpu43P Firmware

Cj1G-Cpu42P Firmware

Cp1E-E Firmware

Cp1E-N Firmware

Cj2H-Cpu68 Firmware

Cj2H-Cpu67 Firmware

Cj2H-Cpu66 Firmware

Cj2H-Cpu65 Firmware

Cj2H-Cpu64 Firmware

Cj2H-Cpu68-Eip Firmware

Affected Vendors

Omron

References (6)

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

Third Party Advisory https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-f...

Vendor Advisory https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

Third Party Advisory https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-f...

Vendor Advisory https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf

/ 100

high-risk

Severity 29/34 · Critical

Exploitability 1/34 · Minimal

Exposure 25/34 · High