Strix
26.1K

CVE-2022-45790

CRITICALCVSS 9.1/10EPSS 0.70%

Last modified

CVE-2022-45790 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. EPSS estimates a 0.70% chance of exploitation in the next 30 days.

Description

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Probability
0.70%

48.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
OmronCj1g-Cpu45p Firmware< 4.1
OmronCj1g-Cpu45p-Gtc Firmware< 4.1
OmronCj1g-Cpu44p Firmware< 4.1
OmronCj1g-Cpu43p Firmware< 4.1
OmronCj1g-Cpu42p Firmware< 4.1
OmronCp1e-E Firmware< 1.3
OmronCp1e-N Firmware< 1.3
OmronCj2h-Cpu68 Firmware< 1.5
OmronCj2h-Cpu67 Firmware< 1.5
OmronCj2h-Cpu66 Firmware< 1.5
OmronCj2h-Cpu65 Firmware< 1.5
OmronCj2h-Cpu64 Firmware< 1.5
OmronCj2h-Cpu68-Eip Firmware< 1.5
OmronCj2h-Cpu67-Eip Firmware< 1.5
OmronCj2h-Cpu66-Eip Firmware< 1.5
OmronCj2h-Cpu65-Eip Firmware< 1.5
OmronCj2h-Cpu64-Eip Firmware< 1.5
OmronCj2m-Cpu35 Firmware< 2.1
OmronCj2m-Cpu34 Firmware< 2.1
OmronCj2m-Cpu33 Firmware< 2.1
OmronCj2m-Cpu32 Firmware< 2.1
OmronCj2m-Cpu31 Firmware< 2.1
OmronCj2m-Cpu15 Firmware< 2.1
OmronCj2m-Cpu14 Firmware< 2.1
OmronCj2m-Cpu13 Firmware< 2.1
OmronCj2m-Cpu12 Firmware< 2.1
OmronCj2m-Cpu11 Firmware< 2.1
OmronCj2m-Md211 Firmware< 2.1
OmronCj2m-Md212 Firmware< 2.1
OmronCs1d-Cpu67s Firmware< 2.1
OmronCs1d-Cpu65s Firmware< 2.1
OmronCs1d-Cpu44s Firmware< 2.1
OmronCs1d-Cpu42s Firmware< 2.1
OmronCs1d-Cpu65p Firmware< 1.4
OmronCs1d-Cpu67p Firmware< 1.4
OmronCs1d-Cpu67h Firmware< 1.4
OmronCs1d-Cpu65h Firmware< 1.4
OmronCs1h-Cpu67h Firmware< 4.1
OmronCs1h-Cpu66h Firmware< 4.1
OmronCs1h-Cpu65h Firmware< 4.1
OmronCs1h-Cpu64h Firmware< 4.1
OmronCs1h-Cpu63h Firmware< 4.1
OmronCs1g-Cpu45h Firmware< 4.1
OmronCs1g-Cpu44h Firmware< 4.1
OmronCs1g-Cpu43h Firmware< 4.1
OmronCs1g-Cpu42h Firmware< 4.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-45790?
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
How severe is CVE-2022-45790?
CVE-2022-45790 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.70% probability of exploitation in the next 30 days.
How do I fix CVE-2022-45790?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-45790?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST