Denial-of-Service Vulnerability in CJ Series and CS/CJ Series EtherNet/IP Units by Omron
CVE-2023-38744

7.5HIGH

Key Information:

Vendor: Omron Corporation
Status: Cj2m Cpu Unit; Cj2h Cpu Unit; Cs/cj Series Ethernet/ip Unit
Vendor: CVE Published:; 3 August 2023

🔔 Create Omron Corporation Vulnerability Alert

What is CVE-2023-38744?

A denial-of-service vulnerability exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication functions of the CS/CJ Series EtherNet/IP units. This vulnerability allows a remote unauthenticated attacker to send specially crafted packets to the affected units, potentially causing them to become unresponsive and disrupt network operations. The affected products include the CJ2M CPU Unit with version 2.18 and earlier, the CJ2H CPU Unit with version 3.04 and earlier, and the CS/CJ Series EtherNet/IP units including CS1W-EIP21 and CJ1W-EIP21, both with version 3.04 and earlier. Organizations using these products should implement necessary measures to mitigate potential risks.

Affected Version(s)

CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier

CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier

CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier

References

https://www.ia.omron.com/product/vulnerability/OMSR-2023-...

https://jvn.jp/en/vu/JVNVU92193064/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 25, 2023