Published: 2024/03/07  Last Updated: 2024/03/07

JVNVU#95852116
OMRON NJ/NX series vulnerable to path traversal

Overview

The OMRON NJ/NX series contains a path traversal vulnerability.

Products Affected

  • Machine Automation Controller NJ Series
    • NJ101-[][][][] Ver.1.64.03 and earlier
    • NJ301-[][][][] Ver.1.64.00 and earlier
    • NJ501-1[]0[] Ver.1.64.03 and earlier
    • NJ501-1[]2[] Ver.1.64.00 and earlier
    • NJ501-1340 Ver.1.64.00 and earlier
    • NJ501-4[][][] Ver.1.64.00 and earlier
    • NJ501-5300 Ver.1.64.00 and earlier
    • NJ501-R[][][] Ver.1.64.00 and earlier
  • Machine Automation Controller NX Series
    • NX1P2-[][][][][][] Ver.1.64.00 and earlier
    • NX1P2-[][][][][][]1 Ver.1.64.00 and earlier
    • NX102-[][][][] Ver.1.64.00 and earlier
    • NX502-[][][][] Ver.1.65.01 and earlier
    • NX701-[][][][] Ver.1.35.00 and earlier
    • NX-EIP201 Ver.1.00.01 and earlier
For details of the affected products, models, and versions, refer to the information provided by the developer.

Description

The Machine Automation Controller NJ/NX series provided by OMRON Corporation contains a path traversal vulnerability (CWE-22, CVE-2024-27121).

Impact

If the affected product processes a specially crafted request sent by a remote attacker with administrative privileges, an arbitrary file in the product may be accessed or arbitrary code may be executed.

Solution

The developer states that updates containing a fix for this vulnerability are scheduled to be released in April 2024.

Apply the workarounds
The developer recommends that users apply the following workarounds to mitigate the impact of this vulnerability.

  • Use the "Secure Communication Function", which is implemented in the following products/versions:
    • NJ series, NX102, NX1P2 CPU Unit Ver.1.49 and later
    • NX701 CPU Unit Ver.1.29 and later
    • NX502 CPU Unit Ver.1.60 and later
    • NX-EIP201 Ver.1.00 and later
  • Restrict access from untrusted devices and allow only limited network access
  • Isolate the product from the IT network by placing a firewall (block unused communication ports, restrict communication hosts, etc.)
  • Use a Virtual Private Network (VPN)
For more information, refer to the information provided by the developer.
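
To triage an asset inventory against the "Products Affected" list and the Secure Communication Function workaround list above, the following added example (not code from OMRON or JPCERT/CC) matches model numbers and firmware versions. It assumes each "[]" placeholder stands for exactly one letter or digit; the function names and the sample inventory are constructed for illustration.

```python
import re

# (model pattern, last affected firmware), copied from "Products Affected".
AFFECTED = [
    ("NJ101-[][][][]", "1.64.03"), ("NJ301-[][][][]", "1.64.00"),
    ("NJ501-1[]0[]", "1.64.03"), ("NJ501-1[]2[]", "1.64.00"),
    ("NJ501-1340", "1.64.00"), ("NJ501-4[][][]", "1.64.00"),
    ("NJ501-5300", "1.64.00"), ("NJ501-R[][][]", "1.64.00"),
    ("NX1P2-[][][][][][]", "1.64.00"), ("NX1P2-[][][][][][]1", "1.64.00"),
    ("NX102-[][][][]", "1.64.00"), ("NX502-[][][][]", "1.65.01"),
    ("NX701-[][][][]", "1.35.00"), ("NX-EIP201", "1.00.01"),
]
# (model prefix, first firmware with Secure Communication Function), from the workarounds.
SECURE_COMM = [("NJ", "1.49"), ("NX102", "1.49"), ("NX1P2", "1.49"),
               ("NX701", "1.29"), ("NX502", "1.60"), ("NX-EIP201", "1.00")]

def version_key(text):
    """'Ver.1.64.03' -> (1, 64, 3); '1.49' -> (1, 49, 0), so versions sort correctly."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def pattern_to_regex(pattern):
    # Assumption: each "[]" stands for exactly one letter or digit.
    return re.compile("".join("[A-Z0-9]" if tok == "[]" else re.escape(tok)
                              for tok in re.findall(r"\[\]|.", pattern)))

def triage(model, firmware):
    """Return (affected, secure_comm_available) for one inventory entry."""
    model, fw = model.strip().upper(), version_key(firmware)
    affected = any(pattern_to_regex(p).fullmatch(model) and fw <= version_key(last)
                   for p, last in AFFECTED)
    secure = any(model.startswith(prefix) and fw >= version_key(first)
                 for prefix, first in SECURE_COMM)
    return affected, secure

if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for model, fw in [("NJ501-1300", "Ver.1.64.03"), ("NX701-1700", "1.20.00"),
                      ("NX502-1500", "1.66.00")]:
        print(model, fw, triage(model, fw))
```

An entry reported as affected with Secure Communication Function unavailable has only the network-level workarounds left until the fixed firmware is installed.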

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 7.2
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)

Credit

OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE: CVE-2024-27121