CVE-2023-0811
Last modified
CVE-2023-0811 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Omron | Sysmac Cj2h-Cpu64 Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu64-Eip Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu65 Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu65-Eip Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu66 Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu66-Eip Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu67 Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu67-Eip Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu68 Firmware | All versions |
| Omron | Sysmac Cj2h-Cpu68-Eip Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu11 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu12 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu13 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu14 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu15 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu31 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu32 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu33 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu34 Firmware | All versions |
| Omron | Sysmac Cj2m-Cpu35 Firmware | All versions |
| Omron | Sysmac Cp1e-E10dr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E10dr-D Firmware | All versions |
| Omron | Sysmac Cp1e-E10dt-A Firmware | All versions |
| Omron | Sysmac Cp1e-E10dt-D Firmware | All versions |
| Omron | Sysmac Cp1e-E10dt1-A Firmware | All versions |
| Omron | Sysmac Cp1e-E10dt1-D Firmware | All versions |
| Omron | Sysmac Cp1e-E14dr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E14sdr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E20dr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E20sdr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E30dr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E30sdr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E40dr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E40sdr-A Firmware | All versions |
| Omron | Sysmac Cp1e-E60sdr-A Firmware | All versions |
| Omron | Sysmac Cp1e-Na20dr-A Firmware | All versions |
| Omron | Sysmac Cp1e-Na20dt-D Firmware | All versions |
| Omron | Sysmac Cp1e-Na20dt1-D Firmware | All versions |
| Omron | Sysmac Cp1h-X40dr-A Firmware | All versions |
| Omron | Sysmac Cp1h-X40dt-D Firmware | All versions |
| Omron | Sysmac Cp1h-X40dt1-D Firmware | All versions |
| Omron | Sysmac Cp1h-Xa40dr-A Firmware | All versions |
| Omron | Sysmac Cp1h-Xa40dt-D Firmware | All versions |
| Omron | Sysmac Cp1h-Xa40dt1-D Firmware | All versions |
| Omron | Sysmac Cp1h-Y20dt-D Firmware | All versions |
| Omron | Sysmac Cp1l-El20dr-D Firmware | All versions |
| Omron | Sysmac Cp1l-Em30dr-D Firmware | All versions |
| Omron | Sysmac Cp1l-Em30dt-D Firmware | All versions |
| Omron | Sysmac Cp1l-Em30dt1-D Firmware | All versions |
| Omron | Sysmac Cp1l-Em40dr-D Firmware | All versions |
Showing 50 of 128 affected configurations. See NVD for the full list.
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01Third Party Advisory, US Government Resource
- https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdfMitigation, Vendor Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01Third Party Advisory, US Government Resource
- https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdfMitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-0811?
How severe is CVE-2023-0811?
How do I fix CVE-2023-0811?
Are you affected by CVE-2023-0811?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST