Sign-up

ID

VAR-202206-2043


CVE

CVE-2022-31207


TITLE

Vulnerability related to digital signature verification in multiple OMRON Corporation products

Trust: 0.8

sources: JVNDB: JVNDB-2022-013961

DESCRIPTION

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter. sysmac cs1 firmware, sysmac cj2m firmware, sysmac cj2h Several OMRON Corporation products, including firmware, contain vulnerabilities related to digital signature verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Omron SYSMAC CS/CJ/CP Series and NJ/NX Series

Trust: 1.71

sources: NVD: CVE-2022-31207 // JVNDB: JVNDB-2022-013961 // VULMON: CVE-2022-31207

AFFECTED PRODUCTS

vendor:omronmodel:sysmac cp1hscope:ltversion:1.30

Trust: 1.0

vendor:omronmodel:sysmac cj2mscope:ltversion:2.1

Trust: 1.0

vendor:omronmodel:sysmac cp1escope:ltversion:1.30

Trust: 1.0

vendor:omronmodel:sysmac cj2hscope:ltversion:1.5

Trust: 1.0

vendor:omronmodel:cp1w-cif41scope:eqversion: -

Trust: 1.0

vendor:omronmodel:sysmac cp1lscope:ltversion:1.10

Trust: 1.0

vendor:omronmodel:sysmac cs1scope:ltversion:4.1

Trust: 1.0

vendor:オムロン株式会社model:sysmac cp1hscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:sysmac cs1scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:sysmac cj2mscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:sysmac cp1escope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:sysmac cj2hscope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cp1w-cif41scope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:sysmac cp1lscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-013961 // NVD: CVE-2022-31207

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-31207
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-31207
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202206-2700
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-31207
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-31207
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-013961 // CNNVD: CNNVD-202206-2700 // NVD: CVE-2022-31207

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.0

problemtype:Improper verification of digital signatures (CWE-347) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-013961 // NVD: CVE-2022-31207

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2700

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202206-2700

EXTERNAL IDS

db:NVDid:CVE-2022-31207

Trust: 3.3

db:ICS CERTid:ICSA-22-179-02

Trust: 2.5

db:JVNid:JVNVU97111518

Trust: 0.8

db:JVNDBid:JVNDB-2022-013961

Trust: 0.8

db:AUSCERTid:ESB-2022.3140

Trust: 0.6

db:CS-HELPid:SB2022062924

Trust: 0.6

db:CNNVDid:CNNVD-202206-2700

Trust: 0.6

db:VULMONid:CVE-2022-31207

Trust: 0.1

sources: VULMON: CVE-2022-31207 // JVNDB: JVNDB-2022-013961 // CNNVD: CNNVD-202206-2700 // NVD: CVE-2022-31207

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02

Trust: 2.5

url:https://www.forescout.com/blog/

Trust: 2.4

url:https://jvn.jp/vu/jvnvu97111518/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-31207

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-31207/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3140

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062924

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02

Trust: 0.6

sources: VULMON: CVE-2022-31207 // JVNDB: JVNDB-2022-013961 // CNNVD: CNNVD-202206-2700 // NVD: CVE-2022-31207

CREDITS

Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202206-2700

SOURCES

db:VULMONid:CVE-2022-31207
db:JVNDBid:JVNDB-2022-013961
db:CNNVDid:CNNVD-202206-2700
db:NVDid:CVE-2022-31207

LAST UPDATE DATE

2024-08-14T12:35:42.858000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-013961date:2023-09-13T08:15:00
db:CNNVDid:CNNVD-202206-2700date:2022-08-10T00:00:00
db:NVDid:CVE-2022-31207date:2022-08-04T15:01:23.993

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-013961date:2023-09-13T00:00:00
db:CNNVDid:CNNVD-202206-2700date:2022-06-28T00:00:00
db:NVDid:CVE-2022-31207date:2022-07-26T22:15:11.440