Improper Access Controls on UM Password Storage in Omron CJ1M Unit v4.0 and Prior

Improper Access Controls on UM Password Storage in Omron CJ1M Unit v4.0 and Prior

CVE-2023-0811 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.

Learn more about our User Device Pen Test.