CVE-2023-0811

high-risk

Published 2023-03-16

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Sysmac Cj2H-Cpu64 Firmware

Sysmac Cj2H-Cpu64-Eip Firmware

Sysmac Cj2H-Cpu65 Firmware

Sysmac Cj2H-Cpu65-Eip Firmware

Sysmac Cj2H-Cpu66 Firmware

Sysmac Cj2H-Cpu66-Eip Firmware

Sysmac Cj2H-Cpu67 Firmware

Sysmac Cj2H-Cpu67-Eip Firmware

Sysmac Cj2H-Cpu68 Firmware

Sysmac Cj2H-Cpu68-Eip Firmware

Sysmac Cj2M-Cpu11 Firmware

Sysmac Cj2M-Cpu12 Firmware

Sysmac Cj2M-Cpu13 Firmware

Sysmac Cj2M-Cpu14 Firmware

Sysmac Cj2M-Cpu15 Firmware

Sysmac Cj2M-Cpu31 Firmware

Sysmac Cj2M-Cpu32 Firmware

Sysmac Cj2M-Cpu33 Firmware

Sysmac Cj2M-Cpu34 Firmware

Sysmac Cj2M-Cpu35 Firmware

Affected Vendors

Omron

References (4)

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01

Mitigation https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01

Mitigation https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 1/34 · Minimal

Exposure 32/34 · Critical