The Japanese company Omron has recently released corrections for vulnerabilities in a programmable logical controller (PLC) and engineering software found by Dragos cybersecurity during an analysis of complicated malicious software.
Last year, the American CISA cybersecurity agency warned the organization about three vulnerabilities affecting the Omron NJ and NX series controllers. Dragos said that one of these vulnerabilities is the critical problem of the CVE-2022-34151, related to hard-programmed accounting data, was used to access the PLC OMRON and the goal of the industrial control system (ICS) called Pipedream (Incontroller).
Dragos determined that one of the components of the malicious Pipedream, Badomen, used the CVE-2022-34151 to interact with the HTTP server on the target controllers Omron NX/NJ. Badomen can be used for manipulations and calling failures in processes.
During the study of the malicious Badomen Dragos, she found additional vulnerabilities in Omron products. CISA and Omron issued recommendations, informing organizations about new vulnerabilities and accessibility of corrections.
In a report by SecurityWeek, Dragos reported that the vulnerabilities were not used by malicious software, and there is no evidence of their operation. CISA and Omron published three separate recommendations.
- One of them describes the vulnerability of a high level of hazard, cve-2022-45790 (CVSS: 7.5) in the PLC OMRON series CJ/CS/CP, using the FINS protocol subjected to attacks by the method Bubfort. (Source: CISA)
- Two other recommendations describe vulnerabilities in OMRON software: cve-2022-45793 (CVSS: 5.5) and cve-2018-1002205 (CVSS: 5.5). (Source: CISA, CISA)
Note that the Cybersecurity Agency and the protection of the US infrastructure (CISA) added eight new points to its catalog of well-known exploited vulnerabilities. The decision on the addition was made based on data on the active operation of these vulnerabilities by attackers.
The US Department of National Security