CVE-2022-45790 HIGH

CVE-2022-45790: Omron FINS memory protection susceptible to bruteforce

Vendor Omron
Product CJ-series and CS-series CPU modules
Weakness CWE-307 · Brute force
Published January 22, 2024
Last update November 13, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

Key dates

02Disclosure timeline

January 22, 2024 CVE published
November 13, 2024 Record updated