Published:2022/07/01  Last Updated:2022/11/08

JVNVU#97050784
Multiple vulnerabilities in OMRON products

Overview

Machine automation controller NJ/NX series, automation software "Sysmac Studio", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function.

Products Affected

  • Machine automation controller NJ series
  • Machine automation controller NX series
  • Automation software "Sysmac Studio"
  • Programmable terminal (PT) NA series
For the details regarding the affected products, model numbers, and version numbers, refer to OMRON's advisories.
OMRON also suggests user to see the respective products' manuals for the details regarding how to check the affected products, model numbers, and versions.

Description

Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function.
The vulnerabilities are as follows.

  • Use of Hard-coded Credentials (CWE-798) - CVE-2022-34151
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H Base Score: 9.4
  • Authentication Bypass by Capture-replay (CWE-294) - CVE-2022-33208
    CVSS v3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.5
  • Active Debug Code (CWE-489) - CVE-2022-33971
    CVSS v3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Base Score: 8.3

Impact

Impacts of each vulnerability are as follows.

  • A remote attacker who successfully obtained the user credentials by analyzing the affected product may access the controller - CVE-2022-34151
  • A remote attacker who can analyze the communication between the affected controller and automation software "Sysmac Studio" and/or a programmable terminal (PT) may access the controller - CVE-2022-33208
  • An adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally may cause a denial-of-service (DoS) condition or execute a malicious program - CVE-2022-33971

Solution

Update the Software
OMRON states that the updates for the respective products will be released gradually, therefore users are suggested to contact OMRON sales representatives or distributors for the latest information regarding the updates.

Furthermore, it is recommended for the users to apply workarounds to mitigate the impacts of these vulnerabilities.
For the details of the workarounds, refer to OMRON's advisories.

Vendor Status

Vendor Link
OMRON Corporation Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers
Malicious program execution vulnerability in NJ/NX- series Machine Automation Controllers

References

  1. National Cyber Awareness System Alert (AA22-103A)
    APT Cyber Tools Targeting ICS/SCADA Devices

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

OMRON Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2022-34151
CVE-2022-33208
CVE-2022-33971
JVN iPedia

Update History

2022/07/05
Fixed the typo under the section [Products Affected] and [Impact].
2022/11/08
Information under the section [Description] was updated.