External risk intelligence

Omron Automation Controllers Hard-Coded Credentials Risk.

CVE advisory

Severity: HIGH (CVSS 8.1)

CVE-2022-34151

Omron automation controllers and software are affected by a hard-coded credentials vulnerability. This could allow an attacker to access the controller, potentially impacting operations and data integrity. The business risk is associated with unauthorized access to industrial control systems.

2 Halo Surface Signal

Omron Nx701 1600 Firmware

  • 1.28 and earlier
  • 1.48 and earlier
  • before 1.48

External exposure likelihood

Halo Surface Signal score for CVE-2022-34151

These products are industrial machine automation controllers and associated engineering software. While they may be network-reachable in some operational technology (OT) environments, they are designed for internal control networks and are not intended to be exposed directly to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

Omron machine automation controllers and the Sysmac Studio software contain a vulnerability related to hard-coded credentials. This flaw allows an attacker who can obtain these credentials by analyzing the product to gain unauthorized access to the controller. The impact of such access could involve significant disruption to industrial operations and potential compromise of sensitive data.

  • Machine automation controllers and software
  • Uses hard-coded credentials
  • Unauthorized controller access

Attack Path

How an attacker could exploit the issue

This vulnerability allows an attacker to gain unauthorized access to an industrial controller by exploiting hard-coded credentials. An attacker could obtain these credentials by analyzing the affected product. Successful exploitation could lead to the attacker accessing the controller.

  • Exposure condition: Hard-coded credentials within the product.
  • Attacker starting point: Obtain credentials via product analysis.
  • Trigger and result: Access to the controller.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to gain unauthorized access to industrial automation controllers by exploiting hard-coded credentials. The affected systems are used in machine automation and control processes, and a successful exploit could disrupt operations. The business risk is assessed as high due to the potential impact on critical industrial systems.

  • Attackers with moderate skill may exploit.
  • Remote access is possible without user credentials.
  • Treat as urgent due to operational risk.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The organization should address a hard-coded credentials vulnerability affecting specific Omron machine automation controllers and software. This vulnerability may allow an unauthorized remote attacker to gain access to the controller by analyzing the product. The potential impact includes unauthorized access to critical control systems and potential disruption of operations.

  • Identify all affected controllers and software.
  • Restrict network access to these systems.
  • Update to vendor-provided fixes and confirm resolution.
  • Monitor systems for suspicious activity.

Frequently asked questions

What types of Omron devices are affected by the hard-coded credentials vulnerability?

The vulnerability affects Omron's Machine Automation Controller NJ series (all models V1.48 and earlier), Machine Automation Controller NX7 series (all models V1.28 and earlier), Machine Automation Controller NX1 series (all models V1.48 and earlier), Automation Software 'Sysmac Studio' (all models V1.49 and earlier), and Programmable Terminal (PT) NA series models NA5-15W, NA5-12W, NA5-9W, and NA5-7W (Runtime V1.15 and earlier).

What is the weakness class associated with CVE-2022-34151?

This vulnerability is classified under CWE-798, which pertains to the use of hard-coded credentials. This means that sensitive security information, such as usernames and passwords, is embedded directly within the software or firmware code.

How could a remote attacker exploit this vulnerability?

An attacker who successfully obtains the hard-coded user credentials by analyzing the affected product could gain unauthorized access to the controller. This access could potentially allow them to manipulate the controller's operations or access sensitive data within the industrial control system.

What is the relevance of CVE-2022-34151 in the context of Halo's threat advisory?

Halo's threat advisory indicates that while the vulnerability has a CVSS v3.1 attack vector of Network (AV:N), making it technically reachable from external networks, the affected products are industrial machine automation controllers. These are typically located within internal control networks and are not intended for direct internet exposure. Therefore, the likelihood of exploitation is considered 'Unlikely' from an external threat perspective.

What actions should be taken to address this vulnerability?

The primary recommended action is to update the affected Omron devices and software to versions beyond the specified vulnerable releases. Specifically, users should update NJ series controllers to V1.49 or later, NX7 series to V1.29 or later, NX1 series to V1.49 or later, Sysmac Studio to V1.50 or later, and NA series PT Runtime to V1.16 or later.
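For the "identify all affected controllers and software" step, the version boundaries quoted above can be applied to an asset inventory. The following is an added example, not code from Omron or from this advisory; the model-prefix matching, the CSV column names and the sample inventory are assumptions constructed for illustration.

```python
import csv
import io
import re

# Last affected version per family, taken from the advisory text above.
LAST_AFFECTED = {
    "NJ": (1, 48), "NX7": (1, 28), "NX1": (1, 48),
    "SYSMAC STUDIO": (1, 49), "NA5": (1, 15),  # NA5 = PT Runtime version
}

def family_of(model):
    """Map a model string to an advisory family (prefix matching is an assumption)."""
    m = model.strip().upper()
    if m.startswith("SYSMAC STUDIO"):
        return "SYSMAC STUDIO"
    if re.match(r"NA5-(15|12|9|7)W", m):
        return "NA5"
    for prefix in ("NX7", "NX1", "NJ"):
        if m.startswith(prefix):
            return prefix
    return None

def parse_version(text):
    """Extract (major, minor) from strings such as 'V1.28' or 'Ver.1.29'."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(model, version):
    family = family_of(model)
    if family is None:
        return "not-listed"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"  # never assume an unreadable version is fixed
    return "affected" if parsed <= LAST_AFFECTED[family] else "fixed"

def triage(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["asset"], classify(r["model"], r["version"])) for r in rows]

# Constructed sample inventory (asset names and column layout are hypothetical).
SAMPLE_INVENTORY = """asset,model,version
line1-plc,NX701-1600,V1.28
line2-plc,NX701-1600,Ver.1.29
press-plc,NJ501,1.48
pack-plc,NX1P2,1.49
eng-ws,Sysmac Studio,1.49
hmi-3,NA5-12W,1.16
hmi-4,NA5-9W,
drive-7,OTHER-VENDOR,2.0
"""
```

Assets reported as `unknown-version` need a manual check on the device or in Sysmac Studio before they can be counted as remediated.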
