OTPulse

Omron CJ/CS/CP Series

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-23-262-05 | Sep 19, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in Omron CJ2H, CJ2M, CJ1G, CS1H, CS1G, CS1D, and CP1E series PLCs allows unauthenticated remote attackers to read sensitive information from device memory. The vulnerability has a CVSS score of 7.5 (high) and affects confidentiality but not integrity or availability. Smart Security Manager versions 1.31 through 1.5 are also vulnerable with no fix planned.

What this means
What could happen
An attacker could read sensitive information from memory on Omron PLCs, potentially exposing configuration data, credentials, or process parameters used to control water treatment, power distribution, or similar critical operations.
Who's at risk
Water authorities and utilities operating Omron CJ, CS, and CP series PLCs for process control should prioritize this issue. These controllers are commonly used in SCADA systems, wastewater treatment, power distribution automation, and other critical infrastructure. Smart Security Manager is also affected if deployed for controller management.
How it could be exploited
An attacker with network access to the PLC could send a crafted request to the device to trigger memory disclosure. No authentication or user interaction is required to exploit this vulnerability.
Prerequisites
  • Network access to the affected Omron PLC on ports used by the control system (typically 502 for Modbus or 44818 for EtherCAT)
  • Device must be running a vulnerable firmware version
remotely exploitable | no authentication required | low complexity | high CVSS score (7.5) | affects industrial control systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (8)
6 with fix, 2 EOL
Product                        Affected Versions    Fix Status
CJ2H-CPU**(-EIP)               ≤ 1.4                1.5
CJ2M-CPU**                     ≤ 2.0                2.1
CS1H/G-CPU**H, CJ1G-CPU**P     ≤ 4.0                4.1
CS1D-CPU**H/-CPU**P            ≤ 1.3                1.4
CS1D-CPU**S                    ≤ 2.0                2.1
CP1E-E/-N                      ≤ 1.2                1.3
Smart Security Manager         ≥ 1.31 | ≤ 1.4       No fix (EOL)
Smart Security Manager         ≤ 1.5                No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Place PLCs behind a firewall and restrict network access from untrusted networks
  • HARDENING: Isolate PLC networks from business networks using network segmentation
  • WORKAROUND: If remote access is required, use a VPN with current security patches and strong credentials
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update CJ2H-CPU firmware to version 1.5 or later
  • HOTFIX: Update CJ2M-CPU firmware to version 2.1 or later
  • HOTFIX: Update CS1H/G-CPU and CJ1G-CPU firmware to version 4.1 or later
  • HOTFIX: Update CS1D-CPU H/P firmware to version 1.4 or later
  • HOTFIX: Update CS1D-CPU S firmware to version 2.1 or later
  • HOTFIX: Update CP1E-E and CP1E-N firmware to version 1.3 or later