CVE-2023-22357

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-489
View all →

Vulnerability Description

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.

Related Vulnerabilities

CVE-2019-10939

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS N...

CWE-4892019

CVE-2023-0954

CRITICAL
CVSS:9.8(Critical)

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.

CWE-4892023

CVE-2023-32645

CRITICAL
CVSS:9.8(Critical)

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker...

CWE-4892023

CVE-2023-34346

CRITICAL
CVSS:9.8(Critical)

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker ...

CWE-4892023

CVE-2023-4804

CRITICAL
CVSS:9.8(Critical)

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

CWE-4892023

CVE-2024-21785

CRITICAL
CVSS:9.8(Critical)

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorize...

CWE-4892024