PT-2023-26580 · Omron · CJ1W-EIP21 +2

Published: 2023-08-03 · Updated: 2024-10-17 · CVE-2023-38744

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

CJ2M CPU Unit versions 2.18 and earlier
CJ2H CPU Unit versions 3.04 and earlier
CS/CJ Series EtherNet/IP Unit CS1W-EIP21 versions 3.04 and earlier
CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 versions 3.04 and earlier

Description

A denial-of-service (DoS) issue exists due to improper validation of a specified type of input in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a specially crafted packet from a remote unauthenticated attacker, it may fall into a denial-of-service condition.

Recommendations

For CJ2M CPU Unit versions 2.18 and earlier, update to a version later than 2.18 to resolve the issue.
For CJ2H CPU Unit versions 3.04 and earlier, update to a version later than 3.04 to resolve the issue.
For CS/CJ Series EtherNet/IP Unit CS1W-EIP21 versions 3.04 and earlier, update to a version later than 3.04 to resolve the issue.
For CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 versions 3.04 and earlier, update to a version later than 3.04 to resolve the issue.

As a temporary workaround, consider restricting access to the EtherNet/IP port to minimize the risk of exploitation.

Related Identifiers

CVE-2023-38744

Affected Products

CJ1W-EIP21
CJ2H CPU Unit
CS1W-EIP21