CVE-2022-31206

Published Jul 26, 2022
Last updated 2 years ago
CVSS critical 9.8
Overview

Description: The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
Weaknesses

nvd@nist.gov: CWE-347
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nx701-1600_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4F12068-1901-4BBF-972E-E1675987EE35",
            "versionEndExcluding": "1.29"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nx701-1600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A613C260-184B-4131-B2EC-656D8322F86B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nx701-1620_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F9094BC-9085-4BC8-89A4-DDD35B87CDD8",
            "versionEndExcluding": "1.29"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nx701-1620:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "210D7FA7-18A3-45B7-976B-9DEDC59294C7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nx701-1700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A5FC714-3B8F-471E-B57E-9283259695CF",
            "versionEndExcluding": "1.29"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nx701-1700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "753A218D-C738-42E5-B523-ED7CACCAEC82"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nx701-1720_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52701918-BD60-475B-8963-8544FB9BC1E4",
            "versionEndExcluding": "1.29"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nx701-1720:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2434BE7E-3E5D-48A9-838C-BCC6055135F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nx701-z600_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "450F2854-E366-4D70-8B7E-44140590F59B",
            "versionEndExcluding": "1.29"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nx701-z600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "90B7C106-4C14-4C0A-BA78-9A3DD63EF576"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nx701-z700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBB2AA45-8B9B-4376-AA9E-1241DA568608",
            "versionEndExcluding": "1.29"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nx701-z700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "36F25E10-A76C-4A16-B72B-4B9E572EDBAB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj101-1000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46296F6D-FFE5-4BFD-859D-C5518AA273BD",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj101-1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E5A77DA0-B22A-4C26-8E64-6F272CD420A3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj101-1020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FBB178B-ABF6-48B6-9A73-F99F8C3E88DF",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj101-1020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8A75CF5D-0ADE-448E-BF3C-8E2C268EE1BD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj101-9000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91C5A297-8C80-4A4D-849B-AB91BADDFB5F",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj101-9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E3883A8C-C4EC-45F0-B164-0BADFF91E361"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj101-9020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1712FCB6-4759-4124-9AC8-3DC8C5173B45",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj101-9020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8696CE8A-C041-4EED-888B-36F2E499E67A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj301-1100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "867EA94A-2DE2-473A-9EF5-4C4F84A949DF",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj301-1100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D92B425-000A-4A85-820E-E16B8AFF06B8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj301-1200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C29A7920-4D29-4143-A8A7-A9B00B4C8038",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj301-1200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D279907-5CF4-416F-BE78-300FD52B5B2D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-1300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A92B074-662B-4FB1-BEDC-7CE51360F63E",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-1300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2917E7F0-DAA8-4D3B-A5E4-FB0ACAEF02C5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-1320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "313049B9-C0CF-4D50-A083-BF83001DF7E4",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-1320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "69D21068-A51D-48B2-BF17-68BC61737EBC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-1340_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2079887D-43D8-4FFF-A54F-FA7357DC47FF",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-1340:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B381AE4-A769-403A-97FA-14FA5F8122CC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-1400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88CFCB1-79AC-4A90-8D1C-2E71B5E37797",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-1400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E25F4D25-6ED0-41DD-B202-98F75FA092CD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-1420_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E0C31B-AD01-4056-8201-C38FF55B114A",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-1420:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "148C6AE8-1480-4822-8E0B-1E8575246878"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-1500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAC9F6F9-6988-494D-BAD4-0D851BD15EBD",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-1500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD281699-D123-4301-9EDF-4BE249E24FF8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-1520_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C74AC275-2592-4A76-9A50-18620FAFD8D8",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-1520:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CBBE1648-D428-4A43-831D-AB3AF3F05739"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-4300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4F00EEA-9D04-4D7A-BD3E-11530FB492A7",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-4300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EB77802D-96CB-49DB-A912-9DB901130F08"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-4320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DE6230B-7F01-4F94-A7EA-675B63BF82E5",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-4320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "060083B0-E9E5-4694-94AB-3517B4B6E0C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-4400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3473072F-6535-44A7-AA5C-4DAF8C635E7C",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-4400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D53224A-F4AE-42D5-9CE6-C46892BD658D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-4500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E32817C5-322A-40C6-A38D-CED8312EB350",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-4500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7E8F99DC-4992-4141-AD76-B8A0A690AD4D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-5300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAB2C973-C5E1-4F4A-9390-BF0544FC0286",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-5300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1FEF30DD-FCF0-499E-B5C2-4184C9A7E9D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:nj501-5300-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FEFCEAD-F811-41DC-9493-648ED9DE48E5",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:omron:nj501-5300-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D5EC53CE-17CD-428E-A750-A323BF5F0ABE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
