var-202304-1903
Vulnerability from variot
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is " FINS header"" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-1903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp1w-cn811",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ext01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4310",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-drm21-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cj2m-cpu33",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts101",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da021",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu12",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad42",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1420",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu66-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu31",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-srt21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1620",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cj2m-cpu11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts002",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts102",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e60sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md211",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-dab21v",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-y20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1040dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu68",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-5300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd3",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2w-cifd1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu65",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif41",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif12-v1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-1000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu32",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts004",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1040dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pa3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-etn21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1w-dam01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu35",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1340",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu01-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1w-40edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ad041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8ed",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edr1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1120",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-em30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc471",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e30sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx701-1720",
"scope": "gte",
"trust": 1.0,
"vendor": "omron",
"version": "1.16"
},
{
"model": "cp2e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1520",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-16er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu13",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu67",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-nc271",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts003",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj-pd3001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-adb21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8et",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-cif01",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-fln22",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "nj501-1300",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-me05m",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-r500",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad44",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da041",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mab221",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-x40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-20edt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu64",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-40edr",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-32et1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l14dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-9024dt",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-4320",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-l20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-eip21",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1l-l20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-md212",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu34",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj101-9000",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1h-xa40dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e20sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e10dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj501-1400",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-spu02-v2",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp1l-l10dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-ts001",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-el20dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-mad11",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-8er",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-e30dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1200",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu15",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dt1-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-ncf71",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2h-cpu66",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-na20dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n60dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nj301-1100",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40s1dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-s40dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1w-da042",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n30dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n14dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n60dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n40sdr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1l-m30dt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-1220",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cj2m-cpu14",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp1e-n14dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n20dt1-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx102-9020",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cs1w-clk",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": "*"
},
{
"model": "cp2e-e14dr-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dr-d",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "cp2e-n40dt-a",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "nx1p2-1140dt1",
"scope": "eq",
"trust": 1.0,
"vendor": "omron",
"version": null
},
{
"model": "sysmac nx1p \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx7 \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u63a5\u7d9a cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cs \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cp \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac cj \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "sysmac nx102 \u30b7\u30ea\u30fc\u30ba cpu \u30e6\u30cb\u30c3\u30c8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"cve": "CVE-2023-27396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-27396",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-27396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27396",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-27396",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is \" FINS header\"\" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "VULMON",
"id": "CVE-2023-27396"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27396",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-179-02",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU91952379",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91000130",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97111518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27396",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"id": "VAR-202304-1903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T12:30:47.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Implemented in multiple Omron products \u00a0FINS\u00a0 Known Issues in Protocol",
"trust": 0.8,
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf"
},
{
"title": "Omron SYSMAC CS/CJ/CP Series Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244012"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [ others ]",
"trust": 0.8
},
{
"problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate verification of data reliability (CWE-345) [ others ]",
"trust": 0.8
},
{
"problemtype": " Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inadequate restrictions on external operations (CWE-412) [ others ]",
"trust": 0.8
},
{
"problemtype": " Improper control of interaction frequency (CWE-799) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.fa.omron.co.jp/product/vulnerability/omsr-2023-003_ja.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/ta/jvnta91513661/"
},
{
"trust": 1.7,
"url": "https://www.ia.omron.com/product/vulnerability/omsr-2023-003_en.pdf"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03"
},
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91000130/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91952379/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97111518/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27396"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27396/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-001534.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2023-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2023-06-19T05:15:09.187000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27396"
},
{
"date": "2024-05-23T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-001534"
},
{
"date": "2023-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1396"
},
{
"date": "2023-06-30T17:08:06.930000",
"db": "NVD",
"id": "CVE-2023-27396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FINS\u00a0 About security issues in the protocol",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1396"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.