CVE-2023-27396
CVE-2023-27396 is a critical-severity vulnerability in Omron Cs1w-eip21 Firmware with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-306.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- EPSS exploit prediction: 1% (69th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-306
- Affected product: Omron Cs1w-eip21 Firmware
- Published:
- Last modified:
Description
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
Frequently asked questions
- What is CVE-2023-27396?
- FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
- How severe is CVE-2023-27396?
- CVE-2023-27396 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2023-27396 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (69th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-27396?
- CVE-2023-27396 primarily affects Omron Cs1w-eip21 Firmware. In total, 271 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2023-27396?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2023-27396 published?
- CVE-2023-27396 was published on 2023-06-19 and last updated on 2026-06-17.
References
- https://jvn.jp/en/ta/JVNTA91513661/
- https://jvn.jp/ta/JVNTA91513661/
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02
- https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf
- https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-346-02
- https://www.us-cert.gov/ics/advisories/icsa-20-063-03
Affected products (271)
- cpe:2.3:o:omron:cs1w-eip21_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-spu01-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-spu02-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-etn21_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-clk_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-fln22_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-drm21-v1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-nc271_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-nc471_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cs1w-ncf71_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu35_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu34_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu33_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu32_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu31_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu15_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu14_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu13_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu12_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-cpu11_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp1w-cif01_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp1w-cif11_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp1w-cif12-v1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-md211_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2m-md212_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu68-eip_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu67-eip_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu66-eip_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu65-eip_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu64-eip_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu68_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu67_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu66_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu65_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cj2h-cpu64_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp2e-n14dr-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp2e-n14dt-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp2e-n14dr-d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp2e-n14dt-d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:omron:cp2e-n14dt1-d_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Omron Cs1w-eip21 Firmware
- CVE-2023-38744 — High (CVSS 7.5): Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the…
All CVEs affecting Omron Cs1w-eip21 Firmware →
Other CWE-306 (Missing Authentication for Critical Function) vulnerabilities
- CVE-2026-54309 — Critical (CVSS 10.0): n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP…
- CVE-2026-50242 — Critical (CVSS 10.0): In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429…
- CVE-2026-49257 — Critical (CVSS 10.0): mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1…
- CVE-2026-46846 — Critical (CVSS 10.0): Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).…
- CVE-2026-46803 — Critical (CVSS 10.0): Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).…
- CVE-2026-46800 — Critical (CVSS 10.0): Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).…
Browse all CWE-306 (Missing Authentication for Critical Function) vulnerabilities →