๐Ÿ” CVE Alert

CVE-2023-27396

CRITICAL 9.8
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)

Vendor omron corporation
Product multiple omron products which implement fins protocol
Published Jun 19, 2023
Last Updated Dec 24, 2024
Stay Ahead of the Next One

Get instant alerts for omron corporation multiple omron products which implement fins protocol

Be the first to know when new critical vulnerabilities affecting omron corporation multiple omron products which implement fins protocol are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

OMRON Corporation / Multiple OMRON products which implement FINS protocol
SYSMAC CS-series CPU Units all versions, SYSMAC CJ-series CPU Units all versions, SYSMAC CP-series CPU Units all versions, SYSMAC NJ-series CPU Units all versions, SYSMAC NX1P-series CPU Units all versions, SYSMAC NX102-series CPU Units all versions, and SYSMAC NX7 Database Connection CPU Units Ver.1.16 or later

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
us-cert.gov: https://www.us-cert.gov/ics/advisories/icsa-19-346-02 ia.omron.com: https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf fa.omron.co.jp: https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf jvn.jp: https://jvn.jp/en/ta/JVNTA91513661/ jvn.jp: https://jvn.jp/ta/JVNTA91513661/ us-cert.gov: https://www.us-cert.gov/ics/advisories/icsa-20-063-03 cisa.gov: https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02