CVE-2022-31207

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter.

Published: 2022-07-26 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-31207 is rated Moderate Risk (53.2/100): CVSS Critical severity, with low exploitation likelihood (EPSS 0.18%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-31207

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-02-11 0.08% 0.18% +0.10%
2 2025-11-21 0.46% 0.08% -0.38%
3 2025-11-18 0.46%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-31207

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.8 3.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 5.9 [email protected]

Weakness enumeration for CVE-2022-31207

Affected software / configurations for CVE-2022-31207

Vendor Product Version Raw CPE
omron sysmac_cs1_firmware < 4.1 cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*
omron sysmac_cj2m_firmware < 2.1 cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*
omron sysmac_cj2h_firmware < 1.5 cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*
omron sysmac_cp1e_firmware < 1.30 cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*
omron sysmac_cp1h_firmware < 1.30 cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*
omron sysmac_cp1l_firmware < 1.10 cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*
omron cp1w-cif41_firmware cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*

References for CVE-2022-31207

URL Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 Third Party Advisory US Government Resource
https://www.forescout.com/blog/ Third Party Advisory
cvelogic Threat Intelligence