CVE-2023-22357
Summary
| CVE | CVE-2023-22357 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-17 10:15:00 UTC |
| Updated | 2023-01-24 21:00:00 UTC |
| Description | Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Omron | Cp1l-el20dr-d | - | All | All | All |
| Operating System | Omron | Cp1l-el20dr-d Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| JVNVU#97575890: Active debug code vulnerability in OMRON CP1L-EL20DR-D | MISC | jvn.jp | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591349 Omron CP1L-EL20DR-D Active debug code Vulnerability (JVNVU97575890)