CVE-2023-0811

Summary

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.

Affected Software

VendorProductVersion RangeStatus
OmronCJ1M SYSMAC CJ-seriesAll versionsaffected
OmronCJ1M SYSMAC CJ-seriesAll versionsaffected
OmronCJ1M SYSMAC CJ-seriesAll versionsaffected
OmronCJ1M SYSMAC CJ-seriesAll versionsaffected
OmronCJ1M SYSMAC CS-seriesAll versionsaffected
OmronCJ1M SYSMAC CS-seriesAll versionsaffected
OmronCJ1M SYSMAC CS-seriesAll versionsaffected
OmronCJ1M SYSMAC CS-seriesAll versionsaffected
OmronCJ1M SYSMAC CS-seriesAll versionsaffected
OmronCJ1M SYSMAC CS-seriesAll versionsaffected
OmronCJ1M SYSMAC CS-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected
OmronCJ1M SYSMAC CP-seriesAll versionsaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

Workarounds

OMRON has released the following countermeasures for users to implement:

  • Enable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit)
  • Set UM read protection password and “Prohibit from overwriting to a protected program “option.

If the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures:

Security measures to prevent unauthorized access:

  • If the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. * Enable the FINS write protection function.

  • Select the Protect by IP Address

  • Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.  

  • Implement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network.

  • Use a virtual private network (VPN) for remote access to control systems and equipment.

  • Use strong passwords and change them frequently.

  • Install physical controls so that only authorized personnel can access control systems and equipment.

  • Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.

  • Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.

  • Anti-virus protection * Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.

  • Data input and output protection * Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.

  • Data recovery * Periodical data backup and maintenance to prepare for data loss.

For more information, see Omron’s Security Advisory https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf .

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References