OTPulse

Omron NJ/NX-series Machine Automation Controllers

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-22-314-08 | Nov 10, 2022
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary

Omron NJ/NX-series Machine Automation Controllers and related software contain authentication bypass vulnerabilities in their communications protocol (CWE-798: Use of Hardcoded Credentials, CWE-294: Authentication Using a Shared Secret). An attacker with network access can bypass authentication mechanisms to gain unauthorized login and operational control of the affected controllers. This affects NX7-series, NX1-series, NJ-series controllers, Sysmac Studio automation software, and NA-series Programmable Terminals. The vulnerability has been linked to APT cyber tools targeting industrial control systems.

What this means
What could happen
An attacker could bypass authentication to log in to and operate NJ/NX-series controllers without authorization, potentially modifying machine setpoints, halting production, or causing unsafe equipment states.
Who's at risk
Water and electric utilities, food/beverage processing, pharmaceutical manufacturing, and any facility using Omron NJ/NX machine automation controllers for critical production processes. Programmable terminals (NA-series) used for human-machine interface (HMI) operations are also affected. Sysmac Studio engineering workstations that program these controllers are at risk.
How it could be exploited
An attacker with network access to the controller's communications port can send specially crafted packets that bypass the authentication mechanism. Once authenticated, the attacker can use standard Omron control commands to change parameters or stop the machine.
Prerequisites
  • Network access to the controller's communications port (e.g., port 9600 for FINS protocol)
  • No valid credentials required
  • Knowledge of target controller model and firmware version
  • Remotely exploitable over network
  • No authentication required for exploitation
  • Low complexity attack
  • No patch available for affected versions
  • Affects process automation and control systems
  • Related to APT cyber tool campaign targeting ICS/SCADA
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (5)
3 with fix, 2 pending
Product | Affected Versions | Fix Status
NJ/NX-series Controllers and Software - NJ-series Machine Automation Controller (All Models) | ≤ 1.48 | No fix yet
NJ/NX-series Controllers and Software - NA-series Programmable Terminal (NA5-15W, NA5-12W, NA5-9W, NA5-7W): Runtime | ≤ 1.15 | No fix yet
NJ/NX-series Controllers and Software - NX7-series Machine Automation Controller (All Models) | ≤ 1.28 | 1.29 or higher
NJ/NX-series Controllers and Software - NX1-series Machine Automation Controller (All Models) | ≤ 1.48 | 1.50 or higher
NJ/NX-series Controllers and Software - Automation Software Sysmac Studio (All Models) | ≤ 1.49 | 1.50 or higher
Remediation & Mitigation
Do now
  • HARDENING: Isolate affected controllers from untrusted networks and IT networks using firewalls and network segmentation
  • WORKAROUND: Disable unused communications ports on controllers and restrict host-to-host connections
  • HARDENING: Deploy VPN for any remote access to control systems
  • HARDENING: Enforce strong password policies and change default credentials
  • HARDENING: Install and maintain up-to-date antivirus protection on all PCs accessing control systems
  • WORKAROUND: Scan and validate all USB drives and external media for malware before connecting to systems
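
One way to verify the isolation and host-to-host restriction items above is to audit flow records for unexpected peers reaching a controller on its communications port. This is an added example, not part of the original advisory; the IP addresses, the allowlist, and the CSV flow format are constructed assumptions, and port 9600 is the FINS example port the page gives.

```python
import csv
import io
import ipaddress

FINS_PORT = 9600  # example port the advisory names for the FINS protocol

# Constructed inventory (assumption): controller IPs and the only peers
# allowed to talk to each one on the control port.
ALLOWED_PEERS = {
    "10.20.0.11": {"10.20.0.50"},                # engineering workstation
    "10.20.0.12": {"10.20.0.50", "10.20.0.60"},  # workstation and NA-series HMI
}
OT_NET = ipaddress.ip_network("10.20.0.0/24")    # constructed control-network range

# Constructed flow records in an assumed CSV export format.
SAMPLE_FLOWS = """ts,src,dst,proto,dport
2022-11-10T08:00:01,10.20.0.50,10.20.0.11,udp,9600
2022-11-10T08:00:05,10.20.0.60,10.20.0.11,udp,9600
2022-11-10T08:01:12,192.168.5.23,10.20.0.12,tcp,9600
2022-11-10T08:02:30,10.20.0.60,10.20.0.12,udp,9600
2022-11-10T08:03:44,10.20.0.77,10.20.0.12,tcp,443
2022-11-10T08:04:00,10.20.0.50,10.20.0.99,udp,9600
"""


def audit_flows(text):
    """Return (ts, src, dst, reason) for control-port flows that break the allowlist."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        allowed = ALLOWED_PEERS.get(row["dst"])
        if allowed is None or int(row["dport"]) != FINS_PORT:
            continue  # destination is not a controller, or not the control port
        if row["src"] in allowed:
            continue  # expected engineering or HMI traffic
        if ipaddress.ip_address(row["src"]) in OT_NET:
            reason = "peer not on allowlist"
        else:
            reason = "source outside control network"
        findings.append((row["ts"], row["src"], row["dst"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

A finding with "source outside control network" indicates the segmentation boundary is passing traffic it should block; "peer not on allowlist" indicates a host-to-host path inside the control network that should be restricted.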
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update NX7-series to firmware version 1.29 or higher
  • HOTFIX: Update NX1-series to firmware version 1.50 or higher
  • HOTFIX: Update NJ-series controllers (NJ501-1300, NJ501-1400, NJ501-1500) to version 1.49 or higher
  • HOTFIX: Update all other NJ-series controllers to firmware version 1.50 or higher
  • HOTFIX: Update Sysmac Studio automation software to version 1.50 or higher
  • HOTFIX: Update NA-series Programmable Terminal runtime to version 1.16 or higher
Long-term hardening
  • HARDENING: Implement physical access controls to restrict access to authorized personnel only
  • HARDENING: Enforce multifactor authentication (MFA) on all devices with remote access capability
  • HARDENING: Implement process validation including range checks on input/output data to detect unauthorized modifications
  • HARDENING: Conduct regular data backups and validate backup integrity for data recovery capability