### [CVE-2023-0811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0811)
![](https://img.shields.io/static/v1?label=Product&message=CJ1M%20SYSMAC%20CJ-series&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CJ1M%20SYSMAC%20CP-series&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CJ1M%20SYSMAC%20CS-series%20&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control%20&color=brighgreen)

### Description

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon