JVNDB-2022-002691

Multiple vulnerabilities in OMRON products

Overview

Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function.
The vulnerabilities are as follows.

* Use of Hard-coded Credentials (CWE-798) - CVE-2022-34151
* Authentication Bypass by Capture-replay (CWE-294) - CVE-2022-33208
* Active Debug Code (CWE-489) - CVE-2022-33971

OMRON Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics 9.4 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-34151


CVSS V3 Severity:
Base Metrics 7.5 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-33208


CVSS V3 Severity:
Base Metrics 8.3 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-33971

Affected Products


OMRON Corporation
  • Automation software "Sysmac Studio"
  • Programmable terminal (PT) NA series
  • Machine automation controller NJ series
  • Machine automation controller NX series

For the details regarding the affected products, model numbers, and version numbers, refer to OMRON's advisories.
OMRON also suggests that users see the respective products' manuals for details on how to check the affected products, model numbers, and versions.

Impact

Impacts of each vulnerability are as follows.

* A remote attacker who successfully obtained the user credentials by analyzing the affected product may access the controller - CVE-2022-34151
* A remote attacker who can analyze the communication between the affected controller and automation software "Sysmac Studio" and/or a programmable terminal (PT) may access the controller - CVE-2022-33208
* An adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally may cause a denial-of-service (DoS) condition or execute a malicious program - CVE-2022-33971

Solution

[Update the Software]
OMRON states that the updates for the respective products will be released gradually. Users are advised to contact OMRON sales representatives or distributors for the latest information regarding the updates.

* Inquiry from the users in Japan (in Japanese)
* Inquiry from the users outside Japan
* "Sysmac Studio" users are advised to update the software to the latest version using the installed Omron Automation Software AutoUpdate tool

Furthermore, users are recommended to apply workarounds to mitigate the impacts of these vulnerabilities.
For the details of the workarounds, refer to OMRON's advisories.

Vendor Information

OMRON Corporation

CWE

  1. Authentication Bypass by Capture-replay (CWE-294) [Other]
  2. Active Debug Code (CWE-489) [Other]
  3. Use of Hard-coded Credentials (CWE-798) [Other]

CVE

  1. CVE-2022-34151
  2. CVE-2022-33208
  3. CVE-2022-33971

References

  1. JVN : JVNVU#97050784
  2. National Vulnerability Database (NVD) : CVE-2022-34151
  3. National Vulnerability Database (NVD) : CVE-2022-33208
  4. National Vulnerability Database (NVD) : CVE-2022-33971
  5. US-CERT National Cyber Awareness System Alerts : AA22-103A

Revision History

  • [2022/11/10]
      Web page was published