nessus | This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_OMRON_CVE-2022-31205.NASL
HistoryMay 22, 2023 - 12:00 a.m.

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Plaintext Storage of a Password (CVE-2022-31205)

2023-05-22 00:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
omron sysmac
password storage
vulnerability
web ui
fins protocol
tenable.ot

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.3%

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449…D1452 and can be read out using the Omron FINS protocol without any further authentication.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration branch: when `description` is set, the script only declares its
# metadata (identifiers, advisory text, scoring, dependencies) and then exits
# via the exit(0) at the end of this block, so the check further down does not
# run in that mode.
if (description)
{
  script_id(501148);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-31205");

  script_name(english:"Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Plaintext Storage of a Password (CVE-2022-31205)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # The description states the core risk: the Web UI password sits in a PLC
  # memory area that the FINS protocol exposes without further authentication.
  script_set_attribute(attribute:"description", value:
"In Omron CS series, CJ series, and CP series PLCs through 2022-05-18,
the password for access to the Web UI is stored in memory area
D1449...D1452 and can be read out using the Omron FINS protocol
without any further authentication.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # NOTE(review): the first reference is the blog index rather than a specific
  # article; the CISA advisory below is the precise reference.
  script_set_attribute(attribute:"see_also", value:"https://www.forescout.com/blog/");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02");
  # The solution text is quoted from CISA and covers four CVEs. Only the final
  # paragraph applies to CVE-2022-31205, and it recommends using distinct
  # passwords for the option board and the PLC; it names no fixed firmware
  # version. The firmware versions listed belong to the CVE-2022-31204 paragraph.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

 For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product
versions:

- CS1, v.4.1 or later 
- CJ2M, v2.1 or later 
- CJ2H, v1.5 or later
- CP1E/CP1H , v1.30 or later
- CP1L, v1.10 or later 
- CX-Programmer, v9.6 or higher

For CVE-2022-31206: Omron intends to publish an update for SYSMAC NJ/NX in July 2022.

For CVE-2022-31207: Omron recommends users of SYSMAC CS/CJ/CP Series to use the PLC protection password and enable
protection against unauthorized write access to address. Also, there are hardware DIP switches on the PLC which can
prevent unauthorized PLC program changes regardless of password.

For CVE-2022-31205: Omron recommends using different passwords between the CP1W-CIF41 Ethernet Option Board and CP1 PLC
itself. The Web UI password will not grant access to the PLC.");
  # Both base vectors describe a network-reachable, unauthenticated issue whose
  # impact is confidentiality only (C:C / C:H with I:N and A:N).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31205");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  # CWE-522: Insufficiently Protected Credentials.
  script_cwe_id(522);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/22");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # NOTE(review): only the CP1E/CP1H/CP1L firmware CPEs are declared, although
  # the plugin name also mentions the CS/CJ and NJ/NX series. Confirm whether
  # the narrower coverage is intended.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:omron:sysmac_cp1e_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:omron:sysmac_cp1h_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:omron:sysmac_cp1l_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check depends on the Tenable.ot integration plugin and requires the
  # 'Tenable.ot/Omron' KB key (presumably set by that dependency when an Omron
  # asset is known; verify against the integration script).
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Omron");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop unless the 'Tenable.ot/Omron' KB item exists; the rest of the check
# only makes sense for an Omron asset known to Tenable.ot.
get_kb_item_or_exit('Tenable.ot/Omron');

# Firmware CPEs this check reports on, each with an exclusive upper version
# bound and the product family.
# NOTE(review): the bounds 1.30 / 1.10 equal the versions the advisory text
# lists for CVE-2022-31204 (extended password protection). For CVE-2022-31205
# the advisory only recommends distinct passwords and names no fixed firmware,
# so an asset at or above these versions may go unreported while the Web UI
# password is still readable over FINS. Confirm the bounds against the vendor
# advisory and do not treat a clean result as proof the exposure is gone.
var affected_cpes = {
    "cpe:/o:omron:sysmac_cp1e_firmware" : {"versionEndExcluding" : "1.30", "family" : "CP"},
    "cpe:/o:omron:sysmac_cp1h_firmware" : {"versionEndExcluding" : "1.30", "family" : "CP"},
    "cpe:/o:omron:sysmac_cp1l_firmware" : {"versionEndExcluding" : "1.10", "family" : "CP"}
};

# Asset record for the Omron device, as provided by the Tenable.ot helper.
var omron_asset = tenable_ot::assets::get(vendor:'Omron');

# Compare the asset against the CPE table and report a match at
# SECURITY_HOLE severity.
tenable_ot::cve::compare_and_report(asset:omron_asset, cpes:affected_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE
omron | sysmac_cp1e_firmware | | cpe:/o:omron:sysmac_cp1e_firmware
omron | sysmac_cp1h_firmware | | cpe:/o:omron:sysmac_cp1h_firmware
omron | sysmac_cp1l_firmware | | cpe:/o:omron:sysmac_cp1l_firmware
