Vulnerabilities > CVE-2023-22357 - Unspecified vulnerability in Omron Cp1L-El20Dr-D Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

omron

critical

NVD

Published: 2023-01-17

Updated: 2023-01-24

Summary

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
OS	Omron Omron Cp1L El20Dr D Firmware *	1
Hardware	Omron Omron Cp1L El20Dr D -	1

References

https://jvn.jp/en/vu/JVNVU97575890/index.html