CVE-2022-45790

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Omron FINS protocol (affected versions not specified)

Description The issue concerns the Omron FINS protocol's authenticated feature, which is intended to prevent access to memory regions. However, this authentication is susceptible to brute force attacks. An adversary could exploit this susceptibility to gain access to protected memory, potentially allowing them to overwrite values, including programmed logic. This could be achieved through a remote attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Restriction of Excessive Authentication Attempts

Resource Exhaustion

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307CWE-400CWE-799CWE-404

Related Identifiers

BDU:2023-06574

CVE-2022-45790

Affected Products

Omron Fins Protocol

CVE-2022-45790

Weakness Enumeration

Related Identifiers

Affected Products

References · 9