CRITICAL🇵🇱 Wersja polska

CVE-2022-31206

CVSS 9.8v3.1pub. 2022-07-26upd. 2024-11-21

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Omron Nj101 1000

    HW
    Omron
    wszystkie wersje
  • Omron Nj101 1000 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj101 1020

    HW
    Omron
    wszystkie wersje
  • Omron Nj101 1020 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj101 9000

    HW
    Omron
    wszystkie wersje
  • Omron Nj101 9000 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj101 9020

    HW
    Omron
    wszystkie wersje
  • Omron Nj101 9020 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj301 1100

    HW
    Omron
    wszystkie wersje
  • Omron Nj301 1100 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj301 1200

    HW
    Omron
    wszystkie wersje
  • Omron Nj301 1200 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 1300

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 1300 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 1320

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 1320 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 1340

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 1340 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 1400

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 1400 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 1420

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 1420 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 1500

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 1500 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 1520

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 1520 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 4300

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 4300 Firmware

    OS
    Omron
    < 1.49
  • Omron Nj501 4320

    HW
    Omron
    wszystkie wersje
  • Omron Nj501 4320 Firmware

    OS
    Omron
    < 1.49
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-33687HIGH7.5ten sam produkt

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series C...

CVE-2022-33208HIGH8.1ten sam produkt

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all mo...

CVE-2022-33971HIGH7.5ten sam produkt

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all m...

CVE-2022-34151HIGH8.1ten sam produkt

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.4...

CVE-2023-27396CRITICAL9.8ten sam vendor

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in ...