cbcvebase.
CVE-2022-34151
published 2022-07-04

CVE-2022-34151: Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7…

PriorityP277high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.09%
61.3th percentile
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.

Affected

57 ranges· showing 25
VendorProductVersion rangeFixed in
omronna5-12w_firmware<= 1.15
omronna5-15w_firmware<= 1.15
omronna5-7w_firmware<= 1.15
omronna5-9w_firmware<= 1.15
omronnj-pa3001_firmware<= 1.48
omronnj-pd3001_firmware<= 1.48
omronnj101-1000_firmware<= 1.48
omronnj101-1020_firmware<= 1.48
omronnj101-9000_firmware<= 1.48
omronnj101-9020_firmware<= 1.48
omronnj301-1100_firmware<= 1.48
omronnj301-1200_firmware< 1.481.48
omronnj501-1300_firmware<= 1.48
omronnj501-1320_firmware<= 1.48
omronnj501-1340_firmware<= 1.48
omronnj501-140_firmware<= 1.48
omronnj501-1420_firmware<= 1.48
omronnj501-1500_firmware<= 1.48
omronnj501-1520_firmware<= 1.48
omronnj501-4300_firmware<= 1.48
omronnj501-4310_firmware<= 1.48
omronnj501-4320_firmware<= 1.48
omronnj501-4400_firmware<= 1.48
omronnj501-4500_firmware<= 1.48
omronnj501-5300_firmware<= 1.48

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2022-34151 has a CVSS v3 base score of 9.4 (AV:N/AC:L/PR:N/UI:N) and public exploits are available. Prioritize detection of unauthenticated remote HTTP access to Omron controller CGI endpoints.
  • BADOMEN targets Omron NX/NJ series controllers. Anomalous communications to the controller's HTTP server from non-Sysmac Studio sources should be treated as suspicious, as BADOMEN mimics the same CGI endpoints used by legitimate Sysmac Studio software.
  • ·The hard-coded credentials are embedded in the affected Omron NX/NJ controller firmware and Sysmac Studio software. An attacker must first extract credentials by analyzing the affected product before exploiting this vulnerability remotely.
  • ·BADOMEN cannot manipulate Omron Safety Controllers in its current form, but Dragos assesses this is likely the next step in its development.
  • ·After a BADOMEN-induced controller crash, SD card restore may fail but can inadvertently re-enable Program Mode, allowing factory reset and logic restoration. Defenders should be aware recovery may be non-trivial.

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck8.1HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.