Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-38744

UNKNOWN
Published 2023-08-03T04:55:52.423Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-38744. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

OMRON Corporation

CJ2M CPU Unit

Affected Versions:

CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier
OMRON Corporation

CJ2H CPU Unit

Affected Versions:

CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier
OMRON Corporation

CS/CJ Series EtherNet/IP Unit

Affected Versions:

CS1W-EIP21 V3.04 and earlier
OMRON Corporation

CS/CJ Series EtherNet/IP Unit

Affected Versions:

CJ1W-EIP21 V3.04 and earlier
omron

cj2m_cpu_unit

Affected Versions:

0
omron

cj2h_cpu_unit

Affected Versions:

0
omron

cs_cj_series_ethernet_ip_unit

Affected Versions:

0 0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8262-vqgw-h22m

Advisory Details

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38744
WEB https://jvn.jp/en/vu/JVNVU92193064
WEB https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf

Advisory provided by GitHub Security Advisory Database. Published: August 3, 2023, Modified: April 4, 2024

References

https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf
https://jvn.jp/en/vu/JVNVU92193064/
Published: 2023-08-03T04:55:52.423Z
Last Modified: 2024-10-17T15:17:34.756Z
Copied to clipboard!