Main Vulnerability Database Vulnerabilities #VU64803

#VU64803 Insufficient verification of data authenticity in SYSMAC NJ Series and SYSMAC NX Series - CVE-2022-31206

Published: June 29, 2022

Vulnerability identifier: #VU64803

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-31206

CWE-ID: CWE-345

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SYSMAC NJ Series
SYSMAC NX Series

Software vendor:
Omron

Description

The vulnerability allows a remote user to compromsie the target system.

The vulnerability exists due to the logic that is downloaded to the PLC is not cryptographically authenticated. A remote administrator can manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-22-179-02