Vulnerabilities > CVE-2022-45790 - Improper Restriction of Excessive Authentication Attempts vulnerability in Omron products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05
- https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/
- https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/
- https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf
- https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf