FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
Published 2023-06-19 05:15:09
Updated 2023-06-30 17:08:07
Source JPCERT/CC
View at NVD,   CVE.org

Products affected by CVE-2023-27396

Max 200 conditions are displayed on this page, to prevent potential performance issues, please refer to NVD for more details.

Exploit prediction scoring system (EPSS) score for CVE-2023-27396

1.31%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-27396

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2023-27396

References for CVE-2023-27396

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!