CVE-2023-27396
https://notcve.org/view.php?id=CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later) • https://jvn.jp/en/ta/JVNTA91513661 https://jvn.jp/ta/JVNTA91513661 https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf https://www.us-cert.gov/ics/advisories/icsa-19-346-02 https://www.us-cert.gov/ics/advisories/icsa-20-063-03 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-31207
https://notcve.org/view.php?id=CVE-2022-31207
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.forescout.com/blog • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2022-31205
https://notcve.org/view.php?id=CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. En los PLC de las series CS, CJ y CP de Omron versiones hasta 18-05-2022, la contraseña de acceso a la Interfaz de Usuario Web es almacenada en el área de memoria D1449...D1452 y puede leerse mediante el protocolo FINS de Omron sin necesidad de ninguna otra autenticación. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.forescout.com/blog • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-31204
https://notcve.org/view.php?id=CVE-2022-31204
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. Los PLC de las series CS, CJ y CP de Omron versiones hasta 18-05-2022, usan contraseñas en texto sin cifrar. Disponen de un ajuste de protección de UM que permite a usuarios o a integradores de sistemas configurar una contraseña para restringir las operaciones de ingeniería confidenciales (como las cargas y descargas de proyectos/lógicas). • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 https://www.forescout.com/blog • CWE-319: Cleartext Transmission of Sensitive Information •