Vulnerability identifier: #VU23585
Vulnerability risk: High
Exploitation vector: Network
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists in the FINS communication protocol due to the FINS communication packet between a controller and a PLC may be monitored and it may invite replay attack using commands for the PLC. A remote attacker can cause opening and closing of industrial valves.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Omron PLC CS series: All versions
Omron PLC CJ series: All versions
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?