Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Cleartext Transmission of Sensitive Information (CVE-2022-31204, CVE-2022-31207)

critical Tenable OT Security Plugin ID 500657

Synopsis

The remote OT asset may be affected by a vulnerability.

Description

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that was listed in the OT:ICEFALL report. Ensure your OT deployments follow best practices including accurate inventory, separation of environments, and monitoring. This plugin will trigger on any device seen by Tenable.OT that matches a family or model listed in the OT:ICEFALL report.

Note: All findings need to be manually verified based on the advisory from the vendor, once released.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product versions:

- CS1, v.4.1 or later
- CJ2M, v2.1 or later
- CJ2H, v1.5 or later
- CP1E/CP1H , v1.30 or later
- CP1L, v1.10 or later
- CX-Programmer, v9.6 or higher

For CVE-2022-31206: Omron intends to publish an update for SYSMAC NJ/NX in July 2022.

For CVE-2022-31207: Omron recommends users of SYSMAC CS/CJ/CP Series to use the PLC protection password and enable protection against unauthorized write access to address. Also, there are hardware DIP switches on the PLC which can prevent unauthorized PLC program changes regardless of password.

For CVE-2022-31205: Omron recommends using different passwords between the CP1W-CIF41 Ethernet Option Board and CP1 PLC itself. The Web UI password will not grant access to the PLC.

See Also

http://www.nessus.org/u?4901fbd6

https://www.cisa.gov/news-events/ics-advisories/icsa-22-179-02

https://www.forescout.com/research-labs/ot-icefall/

Plugin Details

Severity: Critical

ID: 500657

Version: 1.8

Type: remote

Family: Tenable.ot

Published: 6/22/2022

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-31207

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:omron:cj2h_plc, cpe:/h:omron:cj2m_plc, cpe:/o:omron:sysmac_cp1e_firmware, cpe:/o:omron:sysmac_cp1h_firmware, cpe:/o:omron:sysmac_cp1l_firmware

Required KB Items: Tenable.ot/Omron

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/22/2022

Reference Information

CVE: CVE-2022-31204, CVE-2022-31207