PT-2022-3095 · Omron · Omron Cs Series +1

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2023-08-08 · CVE-2022-31205

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Omron CS series, CJ series, and CP series PLCs versions prior to 2022-05-18

Description

The issue is related to the storage of the password for access to the Web UI in memory area D1449...D1452, which can be read out using the Omron FINS protocol without any further authentication. This is due to weaknesses in the authentication procedure of the Omron FINS protocol implementation in the SYSMAC CP series programmable logic controllers. An attacker could exploit this to gain unauthorized access to protected information.

Recommendations

For Omron CS series, CJ series, and CP series PLCs versions prior to 2022-05-18, consider restricting access to the Omron FINS protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the Web UI and ensure that all access to the PLCs is properly authenticated and authorized. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
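
For monitoring alongside the access restrictions above, the following added example (not part of the original advisory or any Omron code) flags captured FINS/UDP command payloads whose Memory Area Read range overlaps D1449...D1452. The frame layout used (10-byte header, command code 0x0101, DM word area code 0x82) is an assumption taken from Omron's public FINS command reference, FINS/TCP framing is not handled, and the sample payloads are constructed.

```python
import struct

FINS_HEADER_LEN = 10                  # ICF RSV GCT DNA DA1 DA2 SNA SA1 SA2 SID
CMD_MEMORY_AREA_READ = b"\x01\x01"    # assumed from the FINS command reference
AREA_DM_WORD = 0x82                   # DM area, word access (assumed, see lead-in)
WATCH_FIRST, WATCH_LAST = 1449, 1452  # D1449...D1452, the range named in the advisory


def parse_memory_area_read(payload: bytes):
    """Return (first_word, last_word) of a DM-word Memory Area Read command, else None."""
    if len(payload) < FINS_HEADER_LEN + 8:
        return None                   # too short to carry command + address + count
    if payload[0] & 0x40:             # ICF bit 6 set means response, not command
        return None
    body = payload[FINS_HEADER_LEN:]
    if body[:2] != CMD_MEMORY_AREA_READ or body[2] != AREA_DM_WORD:
        return None
    start, _bit, count = struct.unpack(">HBH", body[3:8])
    if count == 0:
        return None
    return start, start + count - 1


def touches_webui_password(payload: bytes) -> bool:
    """True when the requested word range overlaps the watched DM words."""
    rng = parse_memory_area_read(payload)
    return rng is not None and rng[0] <= WATCH_LAST and rng[1] >= WATCH_FIRST


# Constructed sample UDP payloads (hex); node addresses and SID are placeholders.
HDR = "80000200000000000001"
SAMPLES = {
    "read D0 x10": HDR + "0101" + "82" + "0000" + "00" + "000A",
    "read D1449 x4": HDR + "0101" + "82" + "05A9" + "00" + "0004",
    "read D1000 x500": HDR + "0101" + "82" + "03E8" + "00" + "01F4",
    "response frame": "C0" + HDR[2:] + "0101" + "0000" + "05A9" + "0004",
}


def flagged(samples=SAMPLES):
    """Labels of the samples that should raise an alert."""
    return [k for k, v in samples.items() if touches_webui_password(bytes.fromhex(v))]


if __name__ == "__main__":
    print(flagged())
```

Wide block reads that merely span the watched words are flagged as well, so expect alerts from engineering tools that dump the whole DM area.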

Weakness Enumeration

Improper Authentication
Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2022-03765
CVE-2022-31205

Affected Products

Omron Cs Series
Omron Fins Protocol