ID

VAR-202304-1903

CVE

CVE-2023-27396

TITLE

FINS  About security issues in the protocol

DESCRIPTION

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). FINS The protocol is manufactured by Omron PLC or PC software, etc. FA network or FA This is a communication protocol that controls the control system using the command/response method. Supported by model FINS The commands are different. * I/O Read memory area / write in * Read parameter area / write in * Read program area / write in * Operation mode change * Read device configuration * CPU Read unit status * Access to time information * Read message / lift * Acquisition and release of access rights * Reading of error history, etc. * File operation * forced set / reset FINS The command message is " FINS header"" FINS It consists of three parts: command code and parameter. FINS Control device that received the command message / The software FINS Executes the processing corresponding to the command code and returns the processing result to FINS as a response message FINS Reply to the sender in the header. for that reason FINS Features such as message encryption, verification, and authentication are not defined. FINS The following problems have been pointed out against the protocol. 1. Plaintext communication FINS The protocol does not define encrypted communication. on the communication path FINS Since messages are sent and received in plain text, it is possible to easily read the contents by intercepting them. again, FINS No functionality is defined to detect message tampering. * Plaintext communication of sensitive information ( CWE-319 ) * Inadequate validation of data reliability ( CWE-345 ) 2. Therefore, it is not possible to identify an attack from a malicious communication partner. * Authentication evasion by spoofing (CWE-290) It was * Capture-replay Authentication evasion by attack (CWE-294) It was * Lack of authentication for critical features (CWE-306) It was * Inadequate validation of data reliability ( CWE-345 ) * Service operation interruption (DoS) Vulnerability (CWE-400) It was * Inadequate restrictions on external operation (CWE-412) It was * Inappropriate limits on interaction frequency (CWE-799) This document is owned by Omron and JPCERT/CC co-authored byFINS If a message is intercepted, its contents can be read

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

access control error

PATCH

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

2024-08-14T12:30:47.541000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE