CVE-2022-45794

high-risk

Published 2024-01-10

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.6/10 High

NETWORK / LOW complexity

Affected Products (20)

Sysmac Cj2H-Cpu64-Eip Firmware

Sysmac Cj2H-Cpu64 Firmware

Sysmac Cj2H-Cpu65-Eip Firmware

Sysmac Cj2H-Cpu65 Firmware

Sysmac Cj2H-Cpu66-Eip Firmware

Sysmac Cj2H-Cpu66 Firmware

Sysmac Cj2H-Cpu67-Eip Firmware

Sysmac Cj2H-Cpu67 Firmware

Sysmac Cj2H-Cpu68-Eip Firmware

Sysmac Cj2H-Cpu68 Firmware

Sysmac Cj2M-Cpu11 Firmware

Sysmac Cj2M-Cpu12 Firmware

Sysmac Cj2M-Cpu13 Firmware

Sysmac Cj2M-Cpu14 Firmware

Sysmac Cj2M-Cpu15 Firmware

Sysmac Cj2M-Cpu31 Firmware

Sysmac Cj2M-Cpu32 Firmware

Sysmac Cj2M-Cpu33 Firmware

Sysmac Cj2M-Cpu34 Firmware

Sysmac Cj2M-Cpu35 Firmware

Affected Vendors

Omron

References (4)

Third Party Advisory https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-f...

Vendor Advisory https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf

Third Party Advisory https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-f...

Vendor Advisory https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf

/ 100

high-risk

Severity 29/34 · Critical

Exploitability 1/34 · Minimal

Exposure 24/34 · High