ICSA-23-108-01
Vulnerability from csaf_cisa - Published: 2023-04-20 15:30 - Updated: 2023-04-20 15:30Summary
Omron CS/CJ Series
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to access sensitive information in the file system and memory.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Japan
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploits specifically target this vulnerability.
7.5 (High)
Vendor Fix
OMRON recommends users take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.
Vendor Fix
Enable the FINS write protection function.
Vendor Fix
Minimize connection of control systems and equipment to open networks preventing untrusted devices from accessing them.
Vendor Fix
Implement firewalls:
Vendor Fix
Shut down unused communications ports
Vendor Fix
Limit communications hosts
Vendor Fix
Limit access to FINS port (9600)
Vendor Fix
Isolate control systems and equipment from the IT network.
Vendor Fix
Use a virtual private network (VPN) for remote access to control systems and equipment.
Vendor Fix
Use strong passwords and change them frequently.
Vendor Fix
Install physical controls, only permitting authorized personnel access to control systems and equipment.
Vendor Fix
Use malware scanning tools to ensure safety of any USB drives or other portable devices before connecting them to control systems and devices.
Vendor Fix
Enforce multifactor authentication on all devices with remote access to control systems and equipment when possible.
Vendor Fix
Protect hosts with access to the control system against malware and Ensure installation and maintenance of up-to-date, antivirus software on hosts with access to control systems.
Vendor Fix
Complete validation processing, such as backup and range checks, to cope with unintentional modification of input/output data to control systems and devices.
Vendor Fix
Complete periodical data backup and maintenance to prepare for data loss.
Vendor Fix
For more information, see Omron’s Advisory.
https://www.ia.omron.com/product/vulnerability/OM…
References
Acknowledgments
Dragos
Reid Wightman
{
"document": {
"acknowledgments": [
{
"names": [
"Reid Wightman"
],
"organization": "Dragos",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow an attacker to access sensitive information in the file system and memory. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-23-108-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-108-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-108-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-108-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/Recommended-Practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://cisa.gov/ics"
}
],
"title": "Omron CS/CJ Series",
"tracking": {
"current_release_date": "2023-04-20T15:30:49.210862Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-108-01",
"initial_release_date": "2023-04-20T15:30:49.210862Z",
"revision_history": [
{
"date": "2023-04-20T15:30:49.210862Z",
"legacy_version": "1",
"number": "1",
"summary": "CSAF Creation Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CJ2H-CPU6[]-EIP: all versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SYSMAC CJ2H-CPU6[]-EIP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CJ2H-CPU6[]: all versions",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SYSMAC CJ2H-CPU6[]"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CJ2M-CPU[][]: all versions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SYSMAC CJ2M-CPU[][]"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CJ1G-CPU[][]P: all versions",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SYSMAC CJ1G-CPU[][]P"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CS1H-CPU[][]H: all versions",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SYSMAC CS1H-CPU[][]H"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CS1G-CPU[][]H: all versions",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SYSMAC CS1G-CPU[][]H"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CS1D-CPU[][]HA: all versions",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SYSMAC CS1D-CPU[][]HA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CS1D-CPU[][]H: all versions",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SYSMAC CS1D-CPU[][]H"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CS1D-CPU[][]SA: all versions",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SYSMAC CS1D-CPU[][]SA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CS1D-CPU[][]S: all versions",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "SYSMAC CS1D-CPU[][]S"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SYSMAC CS1D-CPU[][]P: all versions",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "SYSMAC CS1D-CPU[][]P"
}
],
"category": "vendor",
"name": "Omron"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45794",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "Omron CS/CJ series programmable logic controllers are missing authentication for the file system. This could allow an attacker to access the file system (via memory card or EM file memory) and obtain all available sensitive information. CVE-2022-45794 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45794"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "OMRON recommends users take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Enable the FINS write protection function.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Minimize connection of control systems and equipment to open networks preventing untrusted devices from accessing them.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Implement firewalls:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Shut down unused communications ports",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Limit communications hosts",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Limit access to FINS port (9600)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Isolate control systems and equipment from the IT network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Use a virtual private network (VPN) for remote access to control systems and equipment.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Use strong passwords and change them frequently.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Install physical controls, only permitting authorized personnel access to control systems and equipment.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Use malware scanning tools to ensure safety of any USB drives or other portable devices before connecting them to control systems and devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Enforce multifactor authentication on all devices with remote access to control systems and equipment when possible.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Protect hosts with access to the control system against malware and Ensure installation and maintenance of up-to-date, antivirus software on hosts with access to control systems.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Complete validation processing, such as backup and range checks, to cope with unintentional modification of input/output data to control systems and devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "Complete periodical data backup and maintenance to prepare for data loss.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
},
{
"category": "vendor_fix",
"details": "For more information, see Omron\u2019s Advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…