CVE-2023-38744

Name: CVE-2023-38744
Creator: NVD / NIST
Published: 2023-08-03T05:15:10.417+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.65%

Last modified Jun 17, 2026

CVE-2023-38744 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.65%

46.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-1284

Affected Software

Vendor	Product	Versions
Omron	Cj2m-Cpu35 Firmware	<= 2.18
Omron	Cj2m-Cpu34 Firmware	<= 2.18
Omron	Cj2m-Cpu33 Firmware	<= 2.18
Omron	Cj2m-Cpu32 Firmware	<= 2.18
Omron	Cj2m-Cpu31 Firmware	<= 2.18
Omron	Cj2h-Cpu68-Eip Firmware	<= 3.04
Omron	Cj2h-Cpu67-Eip Firmware	<= 3.04
Omron	Cj2h-Cpu66-Eip Firmware	<= 3.04
Omron	Cj2h-Cpu65-Eip Firmware	<= 3.04
Omron	Cj2h-Cpu64-Eip Firmware	<= 3.04
Omron	Cs1w-Eip21 Firmware	<= 3.04
Omron	Cj1w-Eip21 Firmware	<= 3.04

References

https://jvn.jp/en/vu/JVNVU92193064/Third Party Advisory
https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdfVendor Advisory
https://jvn.jp/en/vu/JVNVU92193064/Third Party Advisory
https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdfVendor Advisory

Timeline

Published: Aug 3, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-38744?

How severe is CVE-2023-38744?

CVE-2023-38744 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.

How do I fix CVE-2023-38744?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-38744?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST