Unauthenticated Password Disclosure in Omron PLCs

Unauthenticated Password Disclosure in Omron PLCs

CVE-2022-31205 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.

Learn more about our Web App Pen Testing.