CVE-2022-31204
Published 2022-07-26
Priority P340 · high · 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.50% (39.1th percentile)
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| omron | cx-programmer | < 9.6 | 9.6 |
| omron | sysmac_cj2h_firmware | < 1.5 | 1.5 |
| omron | sysmac_cj2m_firmware | < 2.1 | 2.1 |
| omron | sysmac_cp1e_firmware | < 1.30 | 1.30 |
| omron | sysmac_cp1h_firmware | < 1.30 | 1.30 |
| omron | sysmac_cp1l_firmware | < 1.10 | 1.10 |
| omron | sysmac_cs1_firmware | < 4.1 | 4.1 |
CISA ICS
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
cisa_ics·2022-06-28·CVSS 7.5
[HIGH] Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
ICS Advisory
## Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
Last Revised: June 28, 2022
Alert Code: ICSA-22-179-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Omron
- Equipment: SYSMAC CS/CJ/CP Series and NJ/NX Series
- Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Plaintext Storage of a Password
CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology (OT) vendors. CISA is issuing this advisory to
GHSA
GHSA-r7cc-f77m-gvjj: Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords
ghsa_unreviewed·2022-07-27
CVE-2022-31204 [HIGH] CWE-319 GHSA-r7cc-f77m-gvjj: Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Cleartext Transmission of Sensitive Information
mitre_cwe
CWE-319: Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Modes of Introduction:
- Phase: Architecture and Design. Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
- Phase: Architecture and Design. Note: For hardware, this may be introduced when design does not plan for an attacker having physical access while a legitimate user is remotely operating the device.
- Phase: Operation
- Phase: System Configuration
Common Consequences:
Scope: Integrity, Confidentiality. Impact: Read Application Data, Modify Files or Directories. Anyone can read the information by gaining access to the channel being used
CWE
Insufficiently Protected Credentials
mitre_cwe
CWE-522: Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Modes of Introduction:
- Phase: Architecture and Design. Note: COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.
- Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Gain Privileges or Assume Identity. An attacker could gain access to user accounts and access sensitive data used by the user accounts.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/com
Published: 2022-07-26