ID

VAR-202207-0037


CVE

CVE-2022-34151


TITLE

Multiple vulnerabilities in multiple Omron products

Trust: 0.8

sources: JVNDB: JVNDB-2022-002691

DESCRIPTION

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.

The vulnerabilities are:

* Use of hard-coded credentials (CWE-798) - CVE-2022-34151
* Authentication bypass by capture-replay (CWE-294) - CVE-2022-33208
* Active debug code (CWE-489) - CVE-2022-33971

This vulnerability information was provided by the developer, who reported it to JPCERT/CC for the purpose of dissemination to product users. JPCERT/CC coordinated with the developer.

The potential impact will vary for each vulnerability, but may include:

* Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance - CVE-2022-34151
* Unauthorized access to the controller product by a third party who can analyze the communication between the applicable controller product and the automation software Sysmac Studio, or between the controller and the programmable terminal - CVE-2022-33208
* Denial-of-service (DoS) attacks and execution of malicious programs - CVE-2022-33971

The Omron Machine automation controller NX7 series and the other affected products are all products of Omron, Japan. The Omron Machine automation controller NX7 series is a series of machine automation controllers. The Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system.

Trust: 1.8

sources: NVD: CVE-2022-34151 // JVNDB: JVNDB-2022-002691 // VULHUB: VHN-426451 // VULMON: CVE-2022-34151

AFFECTED PRODUCTS

vendor: omron // model: nx1w-cif01 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-5300 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1p2-1140dt // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-1520 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx701-1600 // scope: lte // version: 1.28

Trust: 1.0

vendor: omron // model: nj501-r520 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-4500 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx102-1000 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-r300 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-4300 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-1500 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-r420 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: na5-15w // scope: lte // version: 1.15

Trust: 1.0

vendor: omron // model: nj501-1420 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj-pd3001 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj101-1020 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1p2-9024dt1 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj101-9000 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx701-z600 // scope: lte // version: 1.28

Trust: 1.0

vendor: omron // model: nx102-1200 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-1300 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: sysmac studio // scope: lte // version: 1.49

Trust: 1.0

vendor: omron // model: nj501-1320 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-r500 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-4310 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx102-1100 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: na5-7w // scope: lte // version: 1.15

Trust: 1.0

vendor: omron // model: nj501-140 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: na5-12w // scope: lte // version: 1.15

Trust: 1.0

vendor: omron // model: nx102-1020 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj301-1100 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj101-1000 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1w-mab221 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx701-1720 // scope: lte // version: 1.28

Trust: 1.0

vendor: omron // model: nx701-z700 // scope: lte // version: 1.28

Trust: 1.0

vendor: omron // model: nx701-1620 // scope: lte // version: 1.28

Trust: 1.0

vendor: omron // model: nx1w-cif12 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1p2-1040dt1 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj101-9020 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj301-1200 // scope: lt // version: 1.48

Trust: 1.0

vendor: omron // model: nj-pa3001 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1w-adb21 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-4400 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx102-1220 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1p2-9024dt // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1w-cif11 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-4320 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx102-9020 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1p2-1040dt // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: na5-9w // scope: lte // version: 1.15

Trust: 1.0

vendor: omron // model: nj501-1340 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx102-1120 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-r400 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1p2-1140dt1 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nj501-r320 // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx1w-dab21v // scope: lte // version: 1.48

Trust: 1.0

vendor: omron // model: nx701-1700 // scope: lte // version: 1.28

Trust: 1.0

vendor: OMRON Corporation // model: Automation software sysmac studio // scope: - // version: -

Trust: 0.8

vendor: OMRON Corporation // model: Programmable terminal na series // scope: - // version: -

Trust: 0.8

vendor: OMRON Corporation // model: Machine automation controller nx series // scope: - // version: -

Trust: 0.8

vendor: OMRON Corporation // model: Machine automation controller nj series // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002691 // NVD: CVE-2022-34151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34151
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-002691
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202207-356
value: HIGH

Trust: 0.6

VULHUB: VHN-426451
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-34151
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-34151
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-426451
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-34151
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-002691
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-426451 // VULMON: CVE-2022-34151 // JVNDB: JVNDB-2022-002691 // CNNVD: CNNVD-202207-356 // NVD: CVE-2022-34151

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype: Authentication bypass by capture-replay (CWE-294) [others]

Trust: 0.8

problemtype: Active debug code (CWE-489) [others]

Trust: 0.8

problemtype: Use of hard-coded credentials (CWE-798) [others]

Trust: 0.8

problemtype:CWE-294

Trust: 0.1

sources: VULHUB: VHN-426451 // JVNDB: JVNDB-2022-002691 // NVD: CVE-2022-34151

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-356

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202207-356

PATCH

title: Omron Corporation: Authentication Bypass Vulnerability in Communication Function of Machine Automation Controller NJ/NX Series
url: https://www.fa.omron.co.jp/product/vulnerability/OMSR-2022-001_ja.pdf

Trust: 0.8

title: Repair measures for multiple Omron product trust management problem vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=200206

Trust: 0.6

sources: JVNDB: JVNDB-2022-002691 // CNNVD: CNNVD-202207-356

EXTERNAL IDS

db: NVD // id: CVE-2022-34151

Trust: 3.4

db: JVN // id: JVNVU97050784

Trust: 2.6

db: JVNDB // id: JVNDB-2022-002691

Trust: 1.4

db: USCERT // id: AA22-103A

Trust: 0.8

db: CNNVD // id: CNNVD-202207-356

Trust: 0.7

db: CS-HELP // id: SB2022070405

Trust: 0.6

db: VULHUB // id: VHN-426451

Trust: 0.1

db: VULMON // id: CVE-2022-34151

Trust: 0.1

sources: VULHUB: VHN-426451 // VULMON: CVE-2022-34151 // JVNDB: JVNDB-2022-002691 // CNNVD: CNNVD-202207-356 // NVD: CVE-2022-34151

REFERENCES

url:https://jvn.jp/en/vu/jvnvu97050784/index.html

Trust: 1.8

url:https://www.ia.omron.com/product/vulnerability/omsr-2022-001_en.pdf

Trust: 1.8

url:https://jvn.jp/vu/jvnvu97050784/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-34151

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-33208

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-33971

Trust: 0.8

url:https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-34151/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070405

Trust: 0.6

url:https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002691.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/294.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-426451 // VULMON: CVE-2022-34151 // JVNDB: JVNDB-2022-002691 // CNNVD: CNNVD-202207-356 // NVD: CVE-2022-34151

SOURCES

db: VULHUB // id: VHN-426451
db: VULMON // id: CVE-2022-34151
db: JVNDB // id: JVNDB-2022-002691
db: CNNVD // id: CNNVD-202207-356
db: NVD // id: CVE-2022-34151

LAST UPDATE DATE

2024-08-14T14:49:43.121000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-426451 // date: 2022-07-15T00:00:00
db: VULMON // id: CVE-2022-34151 // date: 2022-07-15T00:00:00
db: JVNDB // id: JVNDB-2022-002691 // date: 2022-11-09T08:53:00
db: CNNVD // id: CNNVD-202207-356 // date: 2022-11-10T00:00:00
db: NVD // id: CVE-2022-34151 // date: 2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db: VULHUB // id: VHN-426451 // date: 2022-07-04T00:00:00
db: VULMON // id: CVE-2022-34151 // date: 2022-07-04T00:00:00
db: JVNDB // id: JVNDB-2022-002691 // date: 2022-11-09T00:00:00
db: CNNVD // id: CNNVD-202207-356 // date: 2022-07-04T00:00:00
db: NVD // id: CVE-2022-34151 // date: 2022-07-04T02:15:07.727