CVE-2023-0811

Name of the Vulnerable Software and Affected Versions Omron CJ1M unit versions 4.0 and prior

Description The issue is related to improper access controls on the memory region where the UM password is stored. An adversary can issue a PROGRAM AREA WRITE command to a specific memory region, potentially overwriting the password. This could lead to disabling UM protections or setting a non-ASCII password, preventing an engineer from viewing or modifying the user program.

Recommendations For Omron CJ1M unit versions 4.0 and prior, consider restricting access to the PROGRAM AREA WRITE command to minimize the risk of exploitation. As a temporary workaround, limit the ability to modify the UM password to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.