9.8

CVE-2022-31206

EPSS 0.11%
Veröffentlicht 26.07.2022 22:15:11
Zuletzt bearbeitet 21.11.2024 07:04:07
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Omron ≫ Nx701-1600 Firmware Version < 1.29

Omron ≫ Nx701-1600 Version-

Omron ≫ Nx701-1620 Firmware Version < 1.29

Omron ≫ Nx701-1620 Version-

Omron ≫ Nx701-1700 Firmware Version < 1.29

Omron ≫ Nx701-1700 Version-

Omron ≫ Nx701-1720 Firmware Version < 1.29

Omron ≫ Nx701-1720 Version-

Omron ≫ Nx701-z600 Firmware Version < 1.29

Omron ≫ Nx701-z600 Version-

Omron ≫ Nx701-z700 Firmware Version < 1.29

Omron ≫ Nx701-z700 Version-

Omron ≫ Nj101-1000 Firmware Version < 1.49

Omron ≫ Nj101-1000 Version-

Omron ≫ Nj101-1020 Firmware Version < 1.49

Omron ≫ Nj101-1020 Version-

Omron ≫ Nj101-9000 Firmware Version < 1.49

Omron ≫ Nj101-9000 Version-

Omron ≫ Nj101-9020 Firmware Version < 1.49

Omron ≫ Nj101-9020 Version-

Omron ≫ Nj301-1100 Firmware Version < 1.49

Omron ≫ Nj301-1100 Version-

Omron ≫ Nj301-1200 Firmware Version < 1.49

Omron ≫ Nj301-1200 Version-

Omron ≫ Nj501-1300 Firmware Version < 1.49

Omron ≫ Nj501-1300 Version-

Omron ≫ Nj501-1320 Firmware Version < 1.49

Omron ≫ Nj501-1320 Version-

Omron ≫ Nj501-1340 Firmware Version < 1.49

Omron ≫ Nj501-1340 Version-

Omron ≫ Nj501-1400 Firmware Version < 1.49

Omron ≫ Nj501-1400 Version-

Omron ≫ Nj501-1420 Firmware Version < 1.49

Omron ≫ Nj501-1420 Version-

Omron ≫ Nj501-1500 Firmware Version < 1.49

Omron ≫ Nj501-1500 Version-

Omron ≫ Nj501-1520 Firmware Version < 1.49

Omron ≫ Nj501-1520 Version-

Omron ≫ Nj501-4300 Firmware Version < 1.49

Omron ≫ Nj501-4300 Version-

Omron ≫ Nj501-4320 Firmware Version < 1.49

Omron ≫ Nj501-4320 Version-

Omron ≫ Nj501-4400 Firmware Version < 1.49

Omron ≫ Nj501-4400 Version-

Omron ≫ Nj501-4500 Firmware Version < 1.49

Omron ≫ Nj501-4500 Version-

Omron ≫ Nj501-5300 Firmware Version < 1.49

Omron ≫ Nj501-5300 Version-

Omron ≫ Nj501-5300-1 Firmware Version < 1.49

Omron ≫ Nj501-5300-1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.301

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.forescout.com/blog/

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-31206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31206

EUVD