Industrial Cybersecurity Firm Discovers Vulnerabilities in Omron PLC and Engineering Software
Japanese electronics giant Omron has recently patched programmable logic controller (PLC) and engineering software vulnerabilities that were discovered by industrial cybersecurity firm Dragos during the analysis of a sophisticated piece of malware. The flaws were identified while Dragos investigated Pipedream (also known as Incontroller), an ICS attack toolkit believed to be the work of a state-sponsored threat group; BadOmen is the Pipedream component built to interact with Omron NX/NJ controllers. Dragos found that BadOmen abuses a critical hardcoded credentials flaw, tracked as CVE-2022-34151, to talk to those controllers. The newly discovered vulnerabilities, however, were not leveraged by the malware, and there is no evidence of exploitation in the wild.
Details of the Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) and Omron have separately published advisories detailing the vulnerabilities and the availability of patches. The vulnerabilities include:
- CVE-2022-45790: A high-severity vulnerability in Omron CJ/CS/CP series PLCs that use the FINS (Factory Interface Network Service) protocol, which is susceptible to brute-force attacks. FINS carries no transport-level authentication or encryption, so restricting which hosts can reach the FINS service (TCP/UDP port 9600) at the network layer matters as much as the patch itself.
- CVE-2022-45793: A medium-severity weakness in Omron's Sysmac Studio engineering software that can be exploited to alter files and execute arbitrary code.
- CVE-2018-1002205: A medium-severity Zip-Slip bug affecting Sysmac Studio and NX-IO Configurator. Zip-Slip is an archive extraction flaw: an entry whose name contains directory traversal sequences such as ../ is written outside the intended extraction directory, so a specially crafted ZIP archive can plant arbitrary files at attacker-chosen paths. The flaw originates in a third-party archive-handling component bundled with the Omron products.
Two of the vulnerabilities were reported to Omron last year, which is why they carry 2022 CVE identifiers. The Zip-Slip bug, however, dates back to 2018 and is inherited from a third-party component used in Omron products. Omron credited researcher Michael Heinzl with reporting this vulnerability; he has previously discovered high-severity remote code execution vulnerabilities in Omron's CX-Programmer software.
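To make the Zip-Slip class concrete, the following Python program is an added example and is not code from Omron or from the third-party component involved. It builds a crafted archive in memory (a constructed sample, not a real exploit file), shows the naive join-and-write extraction pattern escaping the target directory, and then shows a hardened extractor plus a pre-extraction audit that reject the traversal entry. All function names are the example's own.

```python
"""Zip-Slip demonstrated end to end (added example; not Omron or third-party
library code). A crafted archive entry named '../../escaped.txt' is written
outside the extraction directory by a naive extractor; a hardened extractor
resolves each path and rejects it before writing anything."""
from __future__ import annotations

import io
import os
import posixpath
import tempfile
import zipfile
from pathlib import Path


def build_malicious_zip() -> bytes:
    """Constructed sample: one benign entry plus one traversal entry.
    The ZIP format stores entry names verbatim, so '../' is perfectly legal
    on disk; only the extractor decides whether to honour it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("project/readme.txt", "harmless content\n")
        zf.writestr("../../escaped.txt", "written outside the target dir\n")
    return buf.getvalue()


def entry_escapes(name: str) -> bool:
    """Lexical check on one entry name. Absolute paths, Windows drive letters,
    and names that normalise to a leading '..' would all leave the target."""
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return True
    norm = posixpath.normpath(name.replace("\\", "/"))
    return norm == ".." or norm.startswith("../")


def audit_archive(data: bytes) -> list[str]:
    """Names of every entry that would escape, found without extracting.
    Usable as a gate before handing the archive to any extractor."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if entry_escapes(i.filename)]


def unsafe_extract(data: bytes, dest: Path) -> list[Path]:
    """The vulnerable pattern: join the entry name onto dest and write.
    Deliberately naive to reproduce the bug class."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = Path(os.path.join(dest, info.filename))  # no containment check
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def safe_extract(data: bytes, dest: Path) -> list[Path]:
    """Hardened extractor: resolve every candidate path and require it to sit
    under the resolved destination. Validation runs over the whole archive
    before the first write, so a bad entry leaves no partial extraction."""
    root = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        planned = []
        for info in zf.infolist():
            candidate = (root / info.filename).resolve()
            if candidate != root and root not in candidate.parents:
                raise ValueError(f"zip-slip entry rejected: {info.filename!r}")
            planned.append((info, candidate))
        for info, candidate in planned:
            if info.is_dir():
                candidate.mkdir(parents=True, exist_ok=True)
                continue
            candidate.parent.mkdir(parents=True, exist_ok=True)
            candidate.write_bytes(zf.read(info))
    return [c for _, c in planned]


def run_demo() -> dict:
    """Exercise both extractors in a scratch directory and report what happened.
    dest sits two levels below the scratch root so '../../' stays inside it."""
    data = build_malicious_zip()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        dest = root / "a" / "b" / "extract"
        dest.mkdir(parents=True)
        escaped = [p.resolve() for p in unsafe_extract(data, dest)
                   if dest not in p.resolve().parents]
        try:
            safe_extract(data, dest)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "flagged": audit_archive(data),
            "escaped_to": [str(p.relative_to(root)) for p in escaped],
            "safe_rejected": rejected,
        }


if __name__ == "__main__":
    print(run_demo())
```

The audit is purely lexical and cheap, so it is the right place for a gate in a file-import path; the extractor's resolve-and-compare check is the defence that holds even when an archive is handed directly to the extraction routine. Note that the check compares against the resolved destination, which also defends against an entry escaping through a symbolic link already present under the target directory.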
The Significance of the Discoveries
The discovery of these vulnerabilities highlights the persistent challenges faced by industrial control system (ICS) manufacturers in securing their products. While Omron acted promptly to patch these flaws, vulnerabilities in ICS equipment can have far-reaching consequences. As Pipedream shows with its use of a critical Omron PLC flaw, attackers who reach the control network can gain unauthorized access to controllers and manipulate physical processes, leading to operational disruptions, safety risks, and financial losses.
The fact that these vulnerabilities were discovered during malware analysis underscores the value of incident response and malware analysis in surfacing security flaws. The capabilities a sample implements reveal which protocols, interfaces, and weaknesses the threat actor considered worth targeting, which lets vendors and asset owners address those weaknesses before they are used against them.
Recommendations for Organizations and Vendors
To mitigate the risk of similar vulnerabilities, organizations and vendors should prioritize the following actions:
- Regular Patching: Organizations should install vendor security updates promptly. In ICS environments this means testing the update on a non-production controller or in a staged environment and scheduling it into a maintenance window, rather than deferring it indefinitely because the process cannot be interrupted.
- Security Testing: Vendors should conduct thorough security testing and code review of their products, including the network protocols and file parsers they expose, to identify and address potential vulnerabilities before they can be exploited.
- Secure Development Practices: Vendors should adopt secure coding practices and follow industry standards, such as the IEC 62443-4-1 secure product development lifecycle requirements for industrial components alongside general guidance like the OWASP Top Ten, to minimize the likelihood of introducing vulnerabilities in their software. Maintaining an inventory of bundled third-party components and tracking their advisories would surface inherited bugs like the Zip-Slip flaw much sooner.
- Security Awareness: Organizations should educate their employees and users about the importance of cybersecurity hygiene, including the risks posed by social engineering attacks and the importance of securely configuring and maintaining their industrial systems.
- Collaboration and Information Sharing: Organizations and vendors should actively participate in information sharing forums, such as industry-specific ISACs (Information Sharing and Analysis Centers), to stay updated on the latest threats and vulnerabilities.
By taking these proactive measures, organizations and vendors can strengthen their defenses against cyberattacks and ensure the safety, reliability, and security of their industrial control systems.