{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-38744","assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","state":"PUBLISHED","assignerShortName":"jpcert","dateReserved":"2023-07-25T03:05:55.191Z","datePublished":"2023-08-03T04:55:52.423Z","dateUpdated":"2024-10-17T15:17:34.756Z"},"containers":{"cna":{"affected":[{"vendor":"OMRON Corporation","product":"CJ2M CPU Unit","versions":[{"version":"CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier","status":"affected"}]},{"vendor":"OMRON Corporation","product":"CJ2H CPU Unit","versions":[{"version":"CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier","status":"affected"}]},{"vendor":"OMRON Corporation","product":"CS/CJ Series EtherNet/IP Unit","versions":[{"version":"CS1W-EIP21 V3.04 and earlier","status":"affected"}]},{"vendor":"OMRON Corporation","product":"CS/CJ Series EtherNet/IP Unit","versions":[{"version":"CJ1W-EIP21 V3.04 and earlier","status":"affected"}]}],"descriptions":[{"lang":"en","value":"Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier."}],"problemTypes":[{"descriptions":[{"description":"Denial-of-service (DoS)","lang":"en","type":"text"}]}],"references":[{"url":"https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf"},{"url":"https://jvn.jp/en/vu/JVNVU92193064/"}],"providerMetadata":{"orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert","dateUpdated":"2023-08-03T04:55:52.423Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T17:54:38.498Z"},"title":"CVE Program Container","references":[{"url":"https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf","tags":["x_transferred"]},{"url":"https://jvn.jp/en/vu/JVNVU92193064/","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1284","lang":"en","description":"CWE-1284 Improper Validation of Specified Quantity in Input"}]}],"affected":[{"vendor":"omron","product":"cj2m_cpu_unit","cpes":["cpe:2.3:h:omron:cj2m_cpu_unit:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"2.18","versionType":"custom"}]},{"vendor":"omron","product":"cj2h_cpu_unit","cpes":["cpe:2.3:h:omron:cj2h_cpu_unit:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"3.04","versionType":"custom"}]},{"vendor":"omron","product":"cs_cj_series_ethernet_ip_unit","cpes":["cpe:2.3:h:omron:cs_cj_series_ethernet_ip_unit:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"CS1W-EIP21 V3.04","versionType":"custom"},{"version":"0","status":"affected","lessThan":"CJ1W-EIP21 V3.04","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-17T15:04:47.223773Z","id":"CVE-2023-38744","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-17T15:17:34.756Z"}}]}}