CVE-2023-38744

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38744
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf Vendor Advisory
https://jvn.jp/en/vu/JVNVU92193064/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:omron:cj2m-cpu35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu35:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:omron:cj2m-cpu34_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu34:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:omron:cj2m-cpu33_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu33:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:omron:cj2m-cpu32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu32:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:omron:cj2m-cpu31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2m-cpu31:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:omron:cj2h-cpu68-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu68-eip:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:omron:cj2h-cpu67-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu67-eip:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:omron:cj2h-cpu66-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu66-eip:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:omron:cj2h-cpu65-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu65-eip:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:omron:cj2h-cpu64-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj2h-cpu64-eip:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:omron:cs1w-eip21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cs1w-eip21:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:omron:cj1w-eip21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:omron:cj1w-eip21:-:*:*:*:*:*:*:*
Information

Published : 2023-08-03 05:15

Updated : 2023-08-11 21:01

NVD link : CVE-2023-38744

Mitre link : CVE-2023-38744

JSON object : View

Products Affected

omron

  • cj2h-cpu65-eip_firmware
  • cj2h-cpu68-eip_firmware
  • cj2h-cpu66-eip_firmware
  • cj2m-cpu35
  • cj1w-eip21_firmware
  • cj2m-cpu32_firmware
  • cj2h-cpu65-eip
  • cj2h-cpu67-eip_firmware
  • cs1w-eip21
  • cj2m-cpu35_firmware
  • cj2h-cpu67-eip
  • cj2m-cpu33_firmware
  • cj2h-cpu64-eip
  • cs1w-eip21_firmware
  • cj2h-cpu64-eip_firmware
  • cj2m-cpu31_firmware
  • cj2m-cpu33
  • cj2m-cpu34_firmware
  • cj2m-cpu32
  • cj2m-cpu31
  • cj2m-cpu34
  • cj1w-eip21
  • cj2h-cpu68-eip
  • cj2h-cpu66-eip
CWE
NVD-CWE-Other