OTPulse

Omron Multiple Product Vulnerabilities

Act Now | CVSS 10 | ICS-CERT ICSA-15-274-01 | Jul 4, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

Omron CX-Programmer software and CJ2M/CJ2H Series PLCs contain multiple vulnerabilities related to insufficient encryption (CWE-319) and insufficient password management (CWE-257). Affected versions are CX-Programmer <9.6, CJ2M Series <2.1, and CJ2H Series <1.5. The vulnerabilities allow attackers to intercept or bypass authentication controls.

What this means
What could happen
An attacker could intercept unencrypted communications between engineering workstations and PLCs, or bypass password protections to gain unauthorized access to control logic and operational parameters. This could allow modification of process setpoints, logic, or halting of operations.
Who's at risk
Manufacturing facilities operating Omron CJ2M or CJ2H Series PLCs, and engineering teams using CX-Programmer software for PLC programming and maintenance. Facilities managing batch processes, assembly lines, or other automated equipment controlled by these PLCs should be concerned.
How it could be exploited
An attacker on the network segment between an engineering workstation and a PLC could intercept unencrypted traffic to capture credentials or control commands. Alternatively, an attacker could bypass weak password controls on the PLC itself to gain direct access to modify control logic or parameters without legitimate credentials.
Prerequisites
  • Network access to communications path between engineering workstation and PLC (network sniffing position)
  • Or direct network access to PLC management interface
  • CX-Programmer software or PLC running vulnerable versions
remotely exploitable | no authentication required for some attack paths | low complexity | no patch available | affects control logic and operations | high CVSS score (10.0)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3), 3 EOL

Product | Affected Versions | Fix Status
CX-Programmer software | <9.6 | No fix (EOL)
CJ2M Series PLC | <2.1 | No fix (EOL)
CJ2H Series PLC | <1.5 | No fix (EOL)

Remediation & Mitigation
Do now
  • HARDENING: Deploy network monitoring and access controls to restrict communication between engineering workstations and PLCs to authorized machines only
  • HARDENING: Use VPN or encrypted tunnels for any remote access to engineering workstations or PLC management interfaces
  • HARDENING: Monitor network traffic for unencrypted CX-Programmer communications and implement firewall rules to restrict access to PLC ports
  • HARDENING: Ensure strong password policies are enforced on all PLC devices and restrict local access to engineering/maintenance personnel only
Mitigations - no patch available
The following products have reached End of Life with no planned fix: CX-Programmer software (<9.6), CJ2M Series PLC (<2.1), and CJ2H Series PLC (<1.5). Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate PLC control networks from general IT infrastructure and untrusted networks